PenGym: Pentesting Training Framework for Reinforcement Learning Agents

Thanh Nguyen; Zhi Chen; Kento Hasegawa; Kazuhide Fukushima; Razvan Beuran

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

PenGym: Pentesting Training Framework for Reinforcement Learning Agents

Topics: AI and Machine Learning for Security; Security; Security Frameworks, Architectures and Protocols

In Proceedings of the 10th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 498-509, 2024 , Rome, Italy

Authors: Thanh Nguyen ¹ ; Zhi Chen ¹ ; Kento Hasegawa ² ; Kazuhide Fukushima ² and Razvan Beuran ¹

Affiliations: ¹ Japan Advanced Institute of Science and Technology, Japan ; ² KDDI Research, Inc., Japan

Keyword(s): Penetration Testing, Reinforcement Learning, Agent Training Environment, Cyber Range.

Abstract: Penetration testing (pentesting) is an essential method for identifying and exploiting vulnerabilities in computer systems to improve their security. Recently, reinforcement learning (RL) has emerged as a promising approach for creating autonomous pentesting agents. However, the lack of realistic agent training environments has hindered the development of effective RL-based pentesting agents. To address this issue, we propose PenGym, a framework that provides real environments for training pentesting RL agents. PenGym makes available both network discovery and host-based exploitation actions to train, test, and validate RL agents in an emulated network environment. Our experiments demonstrate the feasibility of this approach, with the main advantage compared to typical simulation-based agent training being that PenGym is able to execute real pentesting actions in a real network environment, while providing a reasonable training time. Therefore, in PenGym there is no need to model act ions using assumptions and probabilities, since actions are conducted in an actual network and their results are real too. Furthermore, our results show that RL agents trained with PenGym took fewer steps on average to reach the pentesting goal—7.72 steps in our experiments, compared to 11.95 steps for simulation-trained agents. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.191.225.71

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Nguyen, T.; Chen, Z.; Hasegawa, K.; Fukushima, K. and Beuran, R. (2024). PenGym: Pentesting Training Framework for Reinforcement Learning Agents. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-683-5; ISSN 2184-4356, SciTePress, pages 498-509. DOI: 10.5220/0012367300003648

@conference{icissp24,
author={Thanh Nguyen. and Zhi Chen. and Kento Hasegawa. and Kazuhide Fukushima. and Razvan Beuran.},
title={PenGym: Pentesting Training Framework for Reinforcement Learning Agents},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
year={2024},
pages={498-509},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012367300003648},
isbn={978-989-758-683-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP
TI - PenGym: Pentesting Training Framework for Reinforcement Learning Agents
SN - 978-989-758-683-5
IS - 2184-4356
AU - Nguyen, T.
AU - Chen, Z.
AU - Hasegawa, K.
AU - Fukushima, K.
AU - Beuran, R.
PY - 2024
SP - 498
EP - 509
DO - 10.5220/0012367300003648
PB - SciTePress