Modeling Penetration Testing with Reinforcement Learning Using
Capture-the-Flag Challenges: Trade-offs between Model-free Learning and A
Priori Knowledge
- URL: http://arxiv.org/abs/2005.12632v2
- Date: Sat, 22 May 2021 09:31:40 GMT
- Title: Modeling Penetration Testing with Reinforcement Learning Using
Capture-the-Flag Challenges: Trade-offs between Model-free Learning and A
Priori Knowledge
- Authors: Fabio Massimo Zennaro and Laszlo Erdodi
- Abstract summary: Penetration testing is a security exercise aimed at assessing the security of a system by simulating attacks against it.
This paper focuses on simplified penetration testing problems expressed in the form of capture the flag hacking challenges.
We show how this challenge may be eased by relying on different forms of prior knowledge that may be provided to the agent.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Penetration testing is a security exercise aimed at assessing the security of
a system by simulating attacks against it. So far, penetration testing has been
carried out mainly by trained human attackers, and its success has critically
depended on the available expertise. Automating this practice constitutes a
non-trivial problem, as the range of actions that a human expert may attempt
against a system and the range of knowledge she relies on to make her decisions
are hard to capture. In this paper, we focus our attention on simplified
penetration testing problems expressed in the form of capture-the-flag hacking
challenges, and we analyze how model-free reinforcement learning algorithms may
help to solve them. In modeling these capture-the-flag competitions as
reinforcement learning problems, we highlight that a specific challenge that
characterizes penetration testing is the problem of discovering the structure of
the problem at hand. We then show how this challenge may be eased by relying on
different forms of prior knowledge that may be provided to the agent. In this
way we demonstrate how the feasibility of tackling penetration testing using
reinforcement learning may rest on a careful trade-off between model-free and
model-based algorithms. By using techniques to inject a priori knowledge, we
show it is possible to better direct the agent and restrict the space of its
exploration problem, thus achieving solutions more efficiently.
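The trade-off the abstract describes can be illustrated with a minimal sketch: tabular Q-learning on a toy single-state CTF, where a priori knowledge is modeled as a mask that shrinks the action space the agent must explore. The environment, the action count, and the hidden flag action are illustrative assumptions, not the paper's actual setup.

```python
import random

# Toy single-state CTF: one hidden action "captures the flag"; all others
# fail. Prior knowledge is modeled as a mask that removes actions the
# attacker already knows are irrelevant (e.g. services a port scan rules out).
N_ACTIONS = 16
FLAG_ACTION = 11  # hidden correct exploit (illustrative)

def q_learning(allowed_actions, episodes=500, alpha=0.5, eps=0.2, seed=0):
    rng = random.Random(seed)
    q = {a: 0.0 for a in allowed_actions}
    steps = 0
    for _ in range(episodes):
        for _ in range(N_ACTIONS):  # per-episode action budget
            steps += 1
            if rng.random() < eps:
                a = rng.choice(allowed_actions)       # explore
            else:
                a = max(allowed_actions, key=q.__getitem__)  # exploit
            reward = 1.0 if a == FLAG_ACTION else 0.0
            q[a] += alpha * (reward - q[a])
            if reward > 0:
                break  # flag captured, episode ends
    best = max(allowed_actions, key=q.__getitem__)
    return best, steps

# Model-free agent: must explore the full action space.
best_free, cost_free = q_learning(list(range(N_ACTIONS)))

# Agent with a priori knowledge: exploration restricted to a few candidates.
best_prior, cost_prior = q_learning([9, 10, 11, 12])
```

Both agents eventually learn the flag action, but the masked agent spends fewer exploratory steps doing so, mirroring the paper's claim that injecting prior knowledge restricts the exploration problem.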
Related papers
- LEAP:D - A Novel Prompt-based Approach for Domain-Generalized Aerial Object Detection [2.1233286062376497]
We introduce an innovative vision-language approach using learnable prompts.
This shift from conventional manual prompts aims to reduce domain-specific knowledge interference.
We streamline the training process with a one-step approach, updating the learnable prompt concurrently with model training.
arXiv Detail & Related papers (2024-11-14T04:39:10Z) - Optimising Human-AI Collaboration by Learning Convincing Explanations [62.81395661556852]
We propose a method for a collaborative system that remains safe by having a human make the decisions.
Ardent enables efficient and effective decision-making by adapting to individual preferences for explanations.
arXiv Detail & Related papers (2023-11-13T16:00:16Z) - Causal Reinforcement Learning: A Survey [57.368108154871]
Reinforcement learning is an essential paradigm for solving sequential decision problems under uncertainty.
One of the main obstacles is that reinforcement learning agents lack a fundamental understanding of the world.
Causality offers a notable advantage as it can formalize knowledge in a systematic manner.
arXiv Detail & Related papers (2023-07-04T03:00:43Z) - You Only Live Once: Single-Life Reinforcement Learning [124.1738675154651]
In many real-world situations, the goal might not be to learn a policy that can do the task repeatedly, but simply to perform a new task successfully once in a single trial.
We formalize this problem setting, where an agent must complete a task within a single episode without interventions.
We propose an algorithm, $Q$-weighted adversarial learning (QWALE), which employs a distribution matching strategy.
arXiv Detail & Related papers (2022-10-17T09:00:11Z) - Towards Robust Deep Learning using Entropic Losses [0.0]
This thesis tackles the challenging out-of-distribution detection task by proposing novel loss functions and detection scores.
We also deal with this robustness-related task, which evaluates how realistic the probabilities presented by the deep neural network are.
arXiv Detail & Related papers (2022-08-06T18:52:39Z) - A Unified End-to-End Retriever-Reader Framework for Knowledge-based VQA [67.75989848202343]
This paper presents a unified end-to-end retriever-reader framework towards knowledge-based VQA.
We shed light on the multi-modal implicit knowledge from vision-language pre-training models to mine its potential in knowledge reasoning.
Our scheme not only provides guidance for knowledge retrieval, but also drops instances that are potentially error-prone for question answering.
arXiv Detail & Related papers (2022-06-30T02:35:04Z) - Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z) - MURAL: Meta-Learning Uncertainty-Aware Rewards for Outcome-Driven
Reinforcement Learning [65.52675802289775]
We show that an uncertainty-aware classifier can solve challenging reinforcement learning problems.
We propose a novel method for computing the normalized maximum likelihood (NML) distribution.
We show that the resulting algorithm has a number of intriguing connections to both count-based exploration methods and prior algorithms for learning reward functions.
arXiv Detail & Related papers (2021-07-15T08:19:57Z) - Adversarial Example Detection for DNN Models: A Review [13.131592630524905]
An adversarial example (AE) aims to fool a deep learning model, which makes AEs a potential risk for DL applications.
A few reviews and surveys have been published that theoretically present the taxonomy of threats and countermeasure methods.
A detailed discussion for such methods is provided and experimental results for eight state-of-the-art detectors are presented.
arXiv Detail & Related papers (2021-05-01T09:55:17Z) - Simulating SQL Injection Vulnerability Exploitation Using Q-Learning
Reinforcement Learning Agents [0.0]
We consider a simplification of the dynamics of SQL injection attacks by casting this problem as a security capture-the-flag challenge.
We deploy different reinforcement learning agents tasked with learning an effective policy to perform SQL injection.
Our results aim to contribute to understanding the potential and the limits of reinforcement learning in a security environment.
arXiv Detail & Related papers (2021-01-08T17:19:21Z) - Opportunities and Challenges in Deep Learning Adversarial Robustness: A
Survey [1.8782750537161614]
This paper studies strategies for implementing adversarially robust training toward guaranteeing safety in machine learning algorithms.
We provide a taxonomy to classify adversarial attacks and defenses, formulate the Robust Optimization problem in a min-max setting, and divide it into 3 subcategories, namely: Adversarial (re)Training, Regularization Approach, and Certified Defenses.
arXiv Detail & Related papers (2020-07-01T21:00:32Z)
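The SQL-injection entry above casts exploitation as a capture-the-flag reinforcement learning problem. A minimal hypothetical sketch of that formulation with tabular Q-learning follows; the two-stage MDP, the payload strings, and the reward values are all illustrative assumptions, not the paper's actual environment.

```python
import random

# Hypothetical two-stage SQL-injection CTF cast as a tiny MDP. Stage 0:
# discover the column count for a UNION-based injection. Stage 1: pick
# the payload that reads the flag.
PAYLOADS = [
    "' OR 1=1--",                          # irrelevant probe
    "' UNION SELECT 1--",                  # wrong column count
    "' UNION SELECT 1,2--",                # correct count -> advance to stage 1
    "' UNION SELECT flag,2 FROM flags--",  # wins, but only from stage 1
]

def step(state, action):
    """Return (next_state, reward, done)."""
    if state == 0 and action == 2:
        return 1, 0.0, False    # column count discovered
    if state == 1 and action == 3:
        return 1, 1.0, True     # flag captured
    return state, -0.01, False  # failed probe costs a little

def train(episodes=2000, alpha=0.3, gamma=0.9, eps=0.3, seed=1):
    rng = random.Random(seed)
    q = [[0.0] * len(PAYLOADS) for _ in range(2)]  # Q[state][action]
    for _ in range(episodes):
        s, done, t = 0, False, 0
        while not done and t < 20:  # cap episode length
            if rng.random() < eps:
                a = rng.randrange(len(PAYLOADS))
            else:
                a = max(range(len(PAYLOADS)), key=lambda x: q[s][x])
            s2, r, done = step(s, a)
            target = r if done else r + gamma * max(q[s2])
            q[s][a] += alpha * (target - q[s][a])
            s, t = s2, t + 1
    return q

q = train()
# Greedy policy: payload index chosen in each stage.
policy = [max(range(len(PAYLOADS)), key=lambda x: q[s][x]) for s in (0, 1)]
```

After training, the greedy policy selects the column-discovery payload in stage 0 and the flag-reading payload in stage 1, i.e. the agent has learned the attack's sequential structure from reward alone.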
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of the information presented and is not responsible for any consequences of its use.