Evaluation of Reinforcement Learning for Autonomous Penetration Testing using A3C, Q-learning and DQN
This work addresses automating security testing to reduce human effort, but it is incremental as it applies existing RL methods to a specific domain with small-scale scenarios.
The study tackled automating penetration testing by training reinforcement learning agents (Q-learning, DQN, A3C) in a Network Attack Simulator on three security scenarios, with A3C solving all scenarios and using fewer actions than baseline automated testing.
Penetration testing is the process of searching for security weaknesses by simulating an attack. It is usually performed by experienced professionals, where scanning and attack tools are applied. By automating the execution of such tools, the need for human interaction and decision-making could be reduced. In this work, a Network Attack Simulator (NASim) was used as an environment to train reinforcement learning agents to solve three predefined security scenarios. These scenarios cover techniques of exploitation, post-exploitation and wiretapping. A large hyperparameter grid search was performed to find the best hyperparameter combinations. The algorithms Q-learning, DQN and A3C were used, whereby A3C was able to solve all scenarios and achieve generalization. In addition, A3C could solve these scenarios with fewer actions than the baseline automated penetration testing. Although the training was performed on rather small scenarios and with small state and action spaces for the agents, the results show that a penetration test can successfully be performed by the RL agent.