Method for monitoring the sequence of implementation of attacking actions during an active analysis of the security of corporate networks

DOI: 10.31673/2409-7292.2020.025258

Authors

  • Р. В. Киричок, (Kyrychok R. V.) State University of Telecommunications, Kyiv
  • Г. В. Шуклін, (Shuklin G. V.) State University of Telecommunications, Kyiv
  • З. М. Бржевська, (Brzhevsʹka Z. M.) State University of Telecommunications, Kyiv


Abstract

The article proposes an approach to increasing the efficiency of vulnerability validation during automatic active security analysis of corporate networks. The approach controls the sequence in which attacking actions (exploits) are carried out, following a softmax action selection strategy that uses the Gibbs probability distribution. In addition, based on a practical analysis of the vulnerability validation process, a coefficient of erroneous decisions on exploit execution is introduced. This coefficient makes it possible to dynamically change the key parameter of the Gibbs distribution, the temperature, which in turn balances the probability of choosing the next attack when validating the identified vulnerabilities of a specific target system.

Keywords: active security analysis, corporate network, target system, reinforcement learning, action selection strategy, vulnerability validation, exploit.


Published

2020-10-11

Section

Articles