Simulating SQL Injection Vulnerability Exploitation Using Q-Learning
Reinforcement Learning Agents
- URL: http://arxiv.org/abs/2101.03118v1
- Date: Fri, 8 Jan 2021 17:19:21 GMT
- Title: Simulating SQL Injection Vulnerability Exploitation Using Q-Learning
Reinforcement Learning Agents
- Authors: Laszlo Erdodi, {\AA}vald {\AA}slaugson Sommervoll, Fabio Massimo
Zennaro
- Abstract summary: We consider a simplification of the dynamics ofsql injection attacks by casting this problem as a security capture-the-flag challenge.
We deploy different reinforcement learning agents tasked with learning an effective policy to performsql injection.
Our results aim to contribute to understanding the potential and the limits of reinforcement learning in a security environment.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In this paper, we propose a first formalization of the process of
exploitation of SQL injection vulnerabilities. We consider a simplification of
the dynamics of SQL injection attacks by casting this problem as a security
capture-the-flag challenge. We model it as a Markov decision process, and we
implement it as a reinforcement learning problem. We then deploy different
reinforcement learning agents tasked with learning an effective policy to
perform SQL injection; we design our training in such a way that the agent
learns not just a specific strategy to solve an individual challenge but a more
generic policy that may be applied to perform SQL injection attacks against any
system instantiated randomly by our problem generator. We analyze the results
in terms of the quality of the learned policy and in terms of convergence time
as a function of the complexity of the challenge and the learning agent's
complexity. Our work fits in the wider research on the development of
intelligent agents for autonomous penetration testing and white-hat hacking,
and our results aim to contribute to understanding the potential and the limits
of reinforcement learning in a security environment.
Related papers
- Exploring Answer Set Programming for Provenance Graph-Based Cyber Threat Detection: A Novel Approach [4.302577059401172]
Provenance graphs are useful tools for representing system-level activities in cybersecurity.
This paper presents a novel approach using ASP to model and analyze provenance graphs.
arXiv Detail & Related papers (2025-01-24T14:57:27Z) - Multi-agent Reinforcement Learning-based Network Intrusion Detection System [3.4636217357968904]
Intrusion Detection Systems (IDS) play a crucial role in ensuring the security of computer networks.
We propose a novel multi-agent reinforcement learning (RL) architecture, enabling automatic, efficient, and robust network intrusion detection.
Our solution introduces a resilient architecture designed to accommodate the addition of new attacks and effectively adapt to changes in existing attack patterns.
arXiv Detail & Related papers (2024-07-08T09:18:59Z) - HAZARD Challenge: Embodied Decision Making in Dynamically Changing
Environments [93.94020724735199]
HAZARD consists of three unexpected disaster scenarios, including fire, flood, and wind.
This benchmark enables us to evaluate autonomous agents' decision-making capabilities across various pipelines.
arXiv Detail & Related papers (2024-01-23T18:59:43Z) - Machine Learning Insides OptVerse AI Solver: Design Principles and
Applications [74.67495900436728]
We present a comprehensive study on the integration of machine learning (ML) techniques into Huawei Cloud's OptVerse AI solver.
We showcase our methods for generating complex SAT and MILP instances utilizing generative models that mirror multifaceted structures of real-world problem.
We detail the incorporation of state-of-the-art parameter tuning algorithms which markedly elevate solver performance.
arXiv Detail & Related papers (2024-01-11T15:02:15Z) - Leveraging Sequentiality in Reinforcement Learning from a Single
Demonstration [68.94506047556412]
We propose to leverage a sequential bias to learn control policies for complex robotic tasks using a single demonstration.
We show that DCIL-II can solve with unprecedented sample efficiency some challenging simulated tasks such as humanoid locomotion and stand-up.
arXiv Detail & Related papers (2022-11-09T10:28:40Z) - You Only Live Once: Single-Life Reinforcement Learning [124.1738675154651]
In many real-world situations, the goal might not be to learn a policy that can do the task repeatedly, but simply to perform a new task successfully once in a single trial.
We formalize this problem setting, where an agent must complete a task within a single episode without interventions.
We propose an algorithm, $Q$-weighted adversarial learning (QWALE), which employs a distribution matching strategy.
arXiv Detail & Related papers (2022-10-17T09:00:11Z) - Option-Aware Adversarial Inverse Reinforcement Learning for Robotic
Control [44.77500987121531]
Hierarchical Imitation Learning (HIL) has been proposed to recover highly-complex behaviors in long-horizon tasks from expert demonstrations.
We develop a novel HIL algorithm based on Adversarial Inverse Reinforcement Learning.
We also propose a Variational Autoencoder framework for learning with our objectives in an end-to-end fashion.
arXiv Detail & Related papers (2022-10-05T00:28:26Z) - Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z) - Automating Privilege Escalation with Deep Reinforcement Learning [71.87228372303453]
In this work, we exemplify the potential threat of malicious actors using deep reinforcement learning to train automated agents.
We present an agent that uses a state-of-the-art reinforcement learning algorithm to perform local privilege escalation.
Our agent is usable for generating realistic attack sensor data for training and evaluating intrusion detection systems.
arXiv Detail & Related papers (2021-10-04T12:20:46Z) - Deep hierarchical reinforcement agents for automated penetration testing [0.0]
This paper presents a novel deep reinforcement learning architecture with hierarchically structured agents called HA-DRL.
The proposed architecture is shown to find the optimal attacking policy faster and more stably than a conventional deep Q-learning agent.
arXiv Detail & Related papers (2021-09-14T05:28:22Z) - Modeling Penetration Testing with Reinforcement Learning Using
Capture-the-Flag Challenges: Trade-offs between Model-free Learning and A
Priori Knowledge [0.0]
Penetration testing is a security exercise aimed at assessing the security of a system by simulating attacks against it.
This paper focuses on simplified penetration testing problems expressed in the form of capture the flag hacking challenges.
We show how this challenge may be eased by relying on different forms of prior knowledge that may be provided to the agent.
arXiv Detail & Related papers (2020-05-26T11:23:10Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.