基于攻击图和深度Q学习网络的自动化安全分析与渗透测试模型

doi:10.11959/j.issn.2096-109x.2023091

Abstract

Abstract:

With the continuous development and widespread application of network technology, network security issues have become increasingly prominent.Penetration testing has emerged as an important method for assessing and enhancing network security.However, traditional manual penetration testing methods suffer from inefficiency,human error, and tester skills, leading to high uncertainty and poor evaluation results.To address these challenges, an autonomous security analysis and penetration testing framework called ASAPT was proposed, based on attack graphs and deep Q-learning networks (DQN).The ASAPT framework was consisted of two main components:training data construction and model training.In the training data construction phase, attack graphs were utilized to model the threats in the target network by representing vulnerabilities and possible attacker attack paths as nodes and edges.By integrating the common vulnerability scoring system (CVSS) vulnerability database, a “state-action”transition matrix was constructed, which depicted the attacker’s behavior and transition probabilities in different states.This matrix comprehensively captured the attacker’s capabilities and network security status.To reduce computational complexity, a depth-first search (DFS) algorithm was innovatively applied to simplify the transition matrix, identifying and preserving all attack paths that lead to the final goal for subsequent model training.In the model training phase, a deep reinforcement learning algorithm based on DQN was employed to determine the optimal attack path during penetration testing.The algorithm interacted continuously with the environment, updating the Q-value function to progressively optimize the selection of attack paths.Simulation results demonstrate that ASAPT achieves an accuracy of 84% in identifying the optimal path and exhibits fast convergence speed.Compared to traditional Q-learning, ASAPT demonstrates superior adaptability in dealing with large-scale network environments, which could provide guidance for practical penetration testing.

Key words: autonomous penetration testing, reinforcement learning, attack graph, deep Q-learning network

CLC Number:

TP393

Cheng FAN, Guoqing HU, Taojie DING, Zhanhua ZHANG. Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network[J]. Chinese Journal of Network and Information Security, 2023, 9(6): 166-175.

Figures/Tables 16

References 22

[1]	JAJODIA S , NOELS . Topological vulnerability analysis:a powerful new approach for network attack prevention,detection,and response[M]// Algorithms,Architectures and Information Systems Security. World Scientific, 2008: 285-305.
[2]	网络安全人才实战能力白皮书[EB]. 2022.
	White paper on practical competence of cybersecurity talents[EB]. 2022.
[3]	WANG G Y , WANG H M , CHEN Z J ,et al. Research on computer network attack modeling based on attack graph[J]. Journal of National University of Defense Technology, 2009,31(4): 74-80.
[4]	SHEYNERO , HAINESJ JHA S . Automated generation and analysis of attack graphs[C]// Proceedings 2002 IEEE Symposium on Security and Privacy. 2004: 273-284.
[5]	OBESJL , SARRAUTEC RICHARTE G . Attack planning in the real world[EB].
[6]	SARRAUTE C , RICHARTE G , OBES J L . An algorithm to find optimal attack paths in nondeterministic scenarios[C]// Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence. 2011: 71-80.
[7]	SARRAUTE C , BUFFET O , HOFFMANN J . Penetration testing==POMDP solving[J]. Computer Science, 2013,33(5): 535-540.
[8]	JONATHON S , HANNA KI . Autonomous penetration testing using reinforcement learning[J]. arxiv preprint arxiv:1905.05965, 2019.
[9]	YOUSEFI M , NHAMO M , ZHANGY , . A reinforcement learning approach for attack graph analysis[C]// 17th IEEE International Conference on Trust,Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE). 2018. 212-217.
[10]	赵海妮, 焦健 . 基于强化学习的渗透路径推荐模型[J]. 计算机应用, 2022,42(6): 1689-1694.
	ZHAO H N , JIAO J . Recommendation model of penetration path based on reinforcement learning[J]. Journal of Computer Application, 2022,42(6): 1689-1694.
[11]	SECURITY A . Acunetix Web application security blog:statixtics from 10,000 leaked hotmail passwords[EB].
[12]	VYAMAJALA S , MOHD T K , JAVAID A . A real-world Implementation of SQL injection attack using open source tools for enhanced cybersecurity learning[C]// Proceedings of 2018 IEEE International Conference on Electro/Information Technology(EIT). 2018.
[13]	康海燕, 龙墨澜 . 基于吸收马尔可夫链攻击图的网络攻击分析方法研究[J]. 通信学报, 2023,44(2): 122-135.
	KANG H Y , LONG M L . Research on network attack analysis method based on attack graph of absorbing Markov chain[J]. Journal on Communications, 2023,44(2): 122-135.
[14]	罗智勇, 宋伟伟, 张文博 ,等. 基于 Markov 攻击图和博弈模型的区块链安全态势感知方法[J]. 电子与信息学报, 2023,45(4): 1374-1382.
	LUO Z Y , SONG W W , ZHANG W B ,et al. Blockchain security situational awareness method based on Markov attack graph and game model[J]. Journal of Electronics ＆ Information Technology, 2023,45(4): 1374-1382.
[15]	王赛娥, 刘彩霞, 刘树新 . 一种基于攻击图的 5G 网络安全风险评估方法[J]. 计算机应用与软件, 2023,40(4): 289-296,335.
	WANG S E , LIU C X , LIU S X . A method of 5G network security risk assessment based on attack graph[J]. Computer Applications and Software, 2023,40(4): 289-296,335.
[16]	KANG J , ZHANG Y , ZHOU Z . A bayesian attack graph-based vulnerability assessment for cyber-physical power systems[J]. IEEE Transactions on Smart Grid, 2023,14(2): 139-148.
[17]	SABUR A , CHOWDHARY A , HUANG D ,et al. S3:a DFW-based scalable security state analysis framework for large-scale data center networks[C]// The 22nd International Symposium on Research in Attacks,Intrusions and Defenses(RAID). 2019: 497-485.
[18]	JEFFREY D J , LI J H , CHEN Z S . Reinforcement learning:an introduction[J]. Neurocomputing, 2000,35(1).
[19]	CHRISTOPHER J . Q-learning[J]. Machine Learning, 1992>,8(3): 279-292.
[20]	FAN J Q , WANG Z R , XIE Y C ,et al. A theoretical analysis of deep q learning[C]// Proceedings of the 2nd Conference on Learning for Dynamics and Control/Proceedings of Machine Learning Research (PMLR). 2020: 486-489.
[21]	WANG Y , WANG Y , LI Y ,et al. A review on deep Q-learning for robotic control[J]. IEEE Transactions on Industrial Electronics, 2022,69(11): 9468-9481.
[22]	潘刚, 米士超, 郭荣华 ,等. 基于攻击树和 CVSS 的网络攻击效果评估方法[J]. 电子技术应用, 2022,48(4): 76-80.
	PAN G , MI S C , GUO R H ,et al. Evaluation method of network attack effect based on attack tree and CVSS[J]. Application of Electronic Technique, 2022,48(4): 76-80.

Metrics

Recommended 0

No Suggested Reading articles found!

主机	漏洞标识	应用	端口	对应服务
Web服务器	CVE-2021-42013	Apach	80	HTTP/HTTPS
文件服务器	CVE-2019-12815	FTP	21	FTP
工作站	—	—	—	—

漏洞标识	漏洞类型	漏洞得分	效果
CVE-2021-42013	代码执行	9.8	root
CVE-2019-12815	文件读取	9.3	user

序号	节点信息描述
1	execCode(workStation, root), OR, 0
2	RULE 4(Trojan horse installation), AND, 0
3	accessFile(workStation, write, ‘/export’), OR, 0
4	RULE10(NFS shell), AND, 0
5	nfsExportInfo (workStation, ‘/export’, write,fileServer), LEAF, 1
6	hacl(fileServer, workStation, nfsProtocl, nfsPort), LEAF, 1
7	execCode(fileServer, user), OR, 0
8	RULE3(remote exploit of a client program), AND, 0
9	vulExists(fileServer, ‘CVE-2019-12815’, ftp, remote-Exploit, privEscalation), LEAF, 1
10	networkServiceInfo(fileserver, http, tcp ,80, root), LEAF, 1
11	netAccess(fileServer, tcp ,80), OR 0
12	RULE7(multi-hop access), AND, 1
13	hacl(webServer, fileServer, tcp, 80), LEAF, 1
14	execCode(webServer, root), OR, 0
15	RULE2(remote exploit of a server program), AND, 0
16	vulExists(webServer, ‘CVE-2021-42013’, remote-Exploit, privEscalation), LEAF, 1
17	networkServiceInfo(webServer, httpd, tcp ,80),LEAF, 1
18	netAccess(webServer, tcp.80), OR, 0
19	RULE6(direct network access), AND, 0
20	hacl(internet, webServer, tcp, 80), LEAF, 1
21	attackerLocated(internet), LEAF, 1
22	RULE15(NFSshell), AND, 0
23	nfsExportInfo(fileServer, ’/export’, write, webServer), LEAF, 1
24	hacl(webServer, fileServer, nfsProtocl, nfsPort), LEAF, 1

攻击路径编号	起始节点的奖励值	中间节点的累积奖励值	最终目标节点的奖励值
1	0.01	12.8	100
2	0.01	22.1	100

模型	准确率	平均路径长度
ASAPT	0.837	1.925

Autonomous security analysis and penetration testing model based on attack graph and deep Q-learning network

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 22

Related Articles 9

Metrics

Recommended 0

[1]	Lige ZHAN, Letian SHA, Fu XIAO, Jiankuo DONG, Pinchang ZHANG. Automated Windows domain penetration method based on reinforcement learning [J]. Chinese Journal of Network and Information Security, 2023, 9(4): 104-120.
[2]	Xiaoyan QIN, Yuhan LIU, Yunlong XU, Bin LI. Function approximation method based on weights gradient descent in reinforcement learning [J]. Chinese Journal of Network and Information Security, 2023, 9(4): 16-28.
[3]	Tian XIAO, Zhihao JIANG, Peng TANG, Zheng HUANG, Jie GUO, Weidong QIU. High-performance directional fuzzing scheme based on deep reinforcement learning [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 132-142.
[4]	Wenfu LIU, Jianmin PANG, Xin ZHOU, Nan LI, Feng YUE. Research on network risk assessment based on attack graph of expected benefits-rate [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 87-97.
[5]	Yaofang ZHANG, Zheyu ZHANG, Haikuo QU, Ge ZHANG, Zibo WANG, Bailing WANG. Key path analysis method for large-scale industrial control network [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 31-43.
[6]	Tangwei1 XU,Hailu ZHANG,Chuhuan LIU,Liang XIAO,Zhenmin ZHU. Reinforcement learning based group key agreement scheme with reduced latency for VANET [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 119-125.
[7]	Qiang LENG,Yingjie YANG,Dexian CHANG,Ruixuan PAN,Ying CAI,Hao HU. Dynamic defense decision method for network real-time confrontation [J]. Chinese Journal of Network and Information Security, 2019, 5(6): 58-66.
[8]	Hao HU, Yuling LIU, Yuchen ZHANG, Hongqi ZHANG. Survey of attack graph based network security metric [J]. Chinese Journal of Network and Information Security, 2018, 4(9): 1-16.
[9]	Yuyang ZHOU, Guang CHENG, Chunsheng GUO. Risk assessment method for network attack surface based on Bayesian attack graph [J]. Chinese Journal of Network and Information Security, 2018, 4(6): 11-22.