Automating post-exploitation with deep reinforcement learning. Issue 100 (January 2021)
- Record Type:
- Journal Article
- Title:
- Automating post-exploitation with deep reinforcement learning. Issue 100 (January 2021)
- Main Title:
- Automating post-exploitation with deep reinforcement learning
- Authors:
- Maeda, Ryusei
- Mimura, Mamoru
- Abstract:
- In order to assess the risk of information systems, it is important to investigate the behavior of the attacker after successful exploitation (post-exploitation). However, the audit requires the experts, and to the best of our knowledge, there are no solutions to automate this process. This paper proposes a method of automating post-exploitation by combining deep reinforcement learning and the PowerShell Empire, which is famous as a post-exploitation framework. Our reinforcement learning agents select one of the PowerShell Empire modules as an action. The state of the agents is defined by 10 parameters such as type of account that was compromised by the agents. In the learning phase, we compared the learning progress of the 3 reinforcement learning models: A2C, Q-Learning, and SARSA. The result shows that the A2C could gain reward most efficiently. Moreover, the behavior of the trained agents is evaluated in a test domain network. The results show that the trained agent using A2C could obtain the administrative privileges to the domain controller.
- Is Part Of:
- Computers & security. Issue 100(2021)
- Journal:
- Computers & security
- Issue:
- Issue 100(2021)
- Issue Display:
- Volume 100, Issue 100 (2021)
- Year:
- 2021
- Volume:
- 100
- Issue:
- 100
- Issue Sort Value:
- 2021-0100-0100-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-01
- Subjects:
- Reinforcement learning -- Post-exploitation -- A2C -- Q-Learning -- SARSA -- Deep reinforcement learning -- Lateral movement
- Computer security -- Periodicals
- Electronic data processing departments -- Security measures -- Periodicals
- 005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
- http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2020.102108
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 16036.xml