Version 1
: Received: 23 October 2024 / Approved: 23 October 2024 / Online: 23 October 2024 (11:59:30 CEST)
How to cite:
Liu, X.; Zhang, Y.; Li, W.; Gu, W. Modeling and Intelligent Decision of Partially Observable Penetration Testing for System Security Verification. Preprints2024, 2024101810. https://doi.org/10.20944/preprints202410.1810.v1
Liu, X.; Zhang, Y.; Li, W.; Gu, W. Modeling and Intelligent Decision of Partially Observable Penetration Testing for System Security Verification. Preprints 2024, 2024101810. https://doi.org/10.20944/preprints202410.1810.v1
Liu, X.; Zhang, Y.; Li, W.; Gu, W. Modeling and Intelligent Decision of Partially Observable Penetration Testing for System Security Verification. Preprints2024, 2024101810. https://doi.org/10.20944/preprints202410.1810.v1
APA Style
Liu, X., Zhang, Y., Li, W., & Gu, W. (2024). Modeling and Intelligent Decision of Partially Observable Penetration Testing for System Security Verification. Preprints. https://doi.org/10.20944/preprints202410.1810.v1
Chicago/Turabian Style
Liu, X., Wenpeng Li and Wen Gu. 2024 "Modeling and Intelligent Decision of Partially Observable Penetration Testing for System Security Verification" Preprints. https://doi.org/10.20944/preprints202410.1810.v1
Abstract
As network systems become larger and more complex, there is an increasing focus on how to verify the security of systems that are at risk of being attacked. Automated penetration testing is one of the effective ways to do this. Uncertainty caused by adversarial relationships and the "fog of war" is an unavoidable problem in penetration testing research. However, related methods have largely focused on the uncertainty of state transitions in the penetration testing process, and have generally ignored the uncertainty caused by partially observable conditions. To address this new uncertainty introduced by partially observable conditions, we model the penetration testing process as a partially observable Markov decision process (POMDP), and propose an intelligent penetration testing decision method compatible with it. We experimentally validate the impact of partially observable conditions on penetration testing. The experimental results show that our method can effectively mitigate the negative impact of partially observable conditions on penetration testing decision. It also exhibits good scalability as the size of the target network increases.
Computer Science and Mathematics, Security Systems
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.