Abstract
Penetration testing (PT) is an active method for assessing and evaluating the security of digital assets by planning, generating and executing all possible attacks that can exploit existing vulnerabilities. Current PT practice is becoming repetitive, complex and resource consuming despite the use of automated tools. The goal of this paper is to design an intelligent PT approach using reinforcement learning (RL) that will allow regular and systematic testing, saving human resources. The system is modelled as a partially observed Markov decision process (POMDP), and tested using an external POMDP-solver with different algorithms. Although this paper is limited to only the planning phase and not the entire PT process, the results support the hypothesis that reinforcement learning can enhance PT beyond the capabilities of any human expert in terms of accurate and reliable outputs.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
