Reinforcement Learning for Automated Cybersecurity Penetration Testing
This work addresses the problem of reducing maintenance costs and improving security for web application developers, though it appears incremental by applying existing methods to a specific domain.
The paper tackled automating cybersecurity penetration testing for web applications by developing a reinforcement learning algorithm that maximizes vulnerabilities found and minimizes steps required, achieving improved efficiency in testing.
This paper aims to provide an innovative machine learning-based solution to automate security testing tasks for web applications, ensuring the correct functioning of all components while reducing project maintenance costs. Reinforcement Learning is proposed to select and prioritize tools and optimize the testing path. The presented approach utilizes a simulated webpage along with its network topology to train the agent. Additionally, the model leverages Geometric Deep Learning to create priors that reduce the search space and improve learning convergence. The validation and testing process was conducted on real-world vulnerable web pages commonly used by human hackers for learning. As a result of this study, a reinforcement learning algorithm was developed that maximizes the number of vulnerabilities found while minimizing the number of steps required