Related papers: Modeling Penetration Testing with Reinforcement Learning Using Capture-the-Flag Challenges: Trade-offs between Model-free Learning and A Priori Knowledge

Modeling Penetration Testing with Reinforcement Learning Using Capture-the-Flag Challenges: Trade-offs between Model-free Learning and A Priori Knowledge

URL: http://arxiv.org/abs/2005.12632v2
Date: Sat, 22 May 2021 09:31:40 GMT
Title: Modeling Penetration Testing with Reinforcement Learning Using Capture-the-Flag Challenges: Trade-offs between Model-free Learning and A Priori Knowledge
Authors: Fabio Massimo Zennaro and Laszlo Erdodi
Abstract summary: Penetration testing is a security exercise aimed at assessing the security of a system by simulating attacks against it. This paper focuses on simplified penetration testing problems expressed in the form of capture the flag hacking challenges. We show how this challenge may be eased by relying on different forms of prior knowledge that may be provided to the agent.
Score: 0.0
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Penetration testing is a security exercise aimed at assessing the security of a system by simulating attacks against it. So far, penetration testing has been carried out mainly by trained human attackers and its success critically depended on the available expertise. Automating this practice constitutes a non-trivial problem, as the range of actions that a human expert may attempts against a system and the range of knowledge she relies on to take her decisions are hard to capture. In this paper, we focus our attention on simplified penetration testing problems expressed in the form of capture the flag hacking challenges, and we analyze how model-free reinforcement learning algorithms may help to solve them. In modeling these capture the flag competitions as reinforcement learning problems we highlight that a specific challenge that characterize penetration testing is the problem of discovering the structure of the problem at hand. We then show how this challenge may be eased by relying on different forms of prior knowledge that may be provided to the agent. In this way we demonstrate how the feasibility of tackling penetration testing using reinforcement learning may rest on a careful trade-off between model-free and model-based algorithms. By using techniques to inject a priori knowledge, we show it is possible to better direct the agent and restrict the space of its exploration problem, thus achieving solutions more efficiently.

Related papers

Sequential Decision Making with Expert Demonstrations under Unobserved Heterogeneity [22.0059059325909]
We study the problem of online sequential decision-making given auxiliary demonstrations from experts who made their decisions based on unobserved contextual information. This setting arises in many application domains, such as self-driving cars, healthcare, and finance. We propose the Experts-as-Priors algorithm (ExPerior), a non-parametric empirical Bayes approach.
arXiv Detail & Related papers (2024-04-10T18:00:17Z)
Optimising Human-AI Collaboration by Learning Convincing Explanations [62.81395661556852]
We propose a method for a collaborative system that remains safe by having a human making decisions. Ardent enables efficient and effective decision-making by adapting to individual preferences for explanations.
arXiv Detail & Related papers (2023-11-13T16:00:16Z)
Causal Reinforcement Learning: A Survey [57.368108154871]
Reinforcement learning is an essential paradigm for solving sequential decision problems under uncertainty. One of the main obstacles is that reinforcement learning agents lack a fundamental understanding of the world. Causality offers a notable advantage as it can formalize knowledge in a systematic manner.
arXiv Detail & Related papers (2023-07-04T03:00:43Z)
You Only Live Once: Single-Life Reinforcement Learning [124.1738675154651]
In many real-world situations, the goal might not be to learn a policy that can do the task repeatedly, but simply to perform a new task successfully once in a single trial. We formalize this problem setting, where an agent must complete a task within a single episode without interventions. We propose an algorithm, $Q$-weighted adversarial learning (QWALE), which employs a distribution matching strategy.
arXiv Detail & Related papers (2022-10-17T09:00:11Z)
Towards Robust Deep Learning using Entropic Losses [0.0]
This thesis tackles the defiant out-of-distribution detection task by proposing novel loss functions and detection scores. We also deal with this robustness-related task, which evaluates how realistic the probabilities presented by the deep neural network are.
arXiv Detail & Related papers (2022-08-06T18:52:39Z)
A Unified End-to-End Retriever-Reader Framework for Knowledge-based VQA [67.75989848202343]
This paper presents a unified end-to-end retriever-reader framework towards knowledge-based VQA. We shed light on the multi-modal implicit knowledge from vision-language pre-training models to mine its potential in knowledge reasoning. Our scheme is able to not only provide guidance for knowledge retrieval, but also drop these instances potentially error-prone towards question answering.
arXiv Detail & Related papers (2022-06-30T02:35:04Z)
Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks. We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z)
MURAL: Meta-Learning Uncertainty-Aware Rewards for Outcome-Driven Reinforcement Learning [65.52675802289775]
We show that an uncertainty aware classifier can solve challenging reinforcement learning problems. We propose a novel method for computing the normalized maximum likelihood (NML) distribution. We show that the resulting algorithm has a number of intriguing connections to both count-based exploration methods and prior algorithms for learning reward functions.
arXiv Detail & Related papers (2021-07-15T08:19:57Z)
Adversarial Example Detection for DNN Models: A Review [13.131592630524905]
The aim of adversarial example (AE) is to fool the Deep Learning model which makes it a potential risk for DL applications. Few reviews and surveys were published and theoretically showed the taxonomy of the threats and the countermeasure methods. A detailed discussion for such methods is provided and experimental results for eight state-of-the-art detectors are presented.
arXiv Detail & Related papers (2021-05-01T09:55:17Z)
Simulating SQL Injection Vulnerability Exploitation Using Q-Learning Reinforcement Learning Agents [0.0]
We consider a simplification of the dynamics ofsql injection attacks by casting this problem as a security capture-the-flag challenge. We deploy different reinforcement learning agents tasked with learning an effective policy to performsql injection. Our results aim to contribute to understanding the potential and the limits of reinforcement learning in a security environment.
arXiv Detail & Related papers (2021-01-08T17:19:21Z)
Opportunities and Challenges in Deep Learning Adversarial Robustness: A Survey [1.8782750537161614]
This paper studies strategies to implement adversary robustly trained algorithms towards guaranteeing safety in machine learning algorithms. We provide a taxonomy to classify adversarial attacks and defenses, formulate the Robust Optimization problem in a min-max setting, and divide it into 3 subcategories, namely: Adversarial (re)Training, Regularization Approach, and Certified Defenses.
arXiv Detail & Related papers (2020-07-01T21:00:32Z)

This list is automatically generated from the titles and abstracts of the papers in this site.