Automating Privilege Escalation with Deep Reinforcement Learning
Kalle Kujanpää, Willie Victor, Alexander Ilin

TL;DR
This paper demonstrates how deep reinforcement learning can be used to automate privilege escalation attacks, providing a tool for generating realistic attack data to improve cybersecurity defenses.
Contribution
It introduces a novel deep reinforcement learning agent capable of performing privilege escalation in Windows environments, showcasing its potential for automated attack simulation.
Findings
Agent successfully escalates privileges in Windows 7
Uses diverse techniques depending on environment
Can generate realistic attack data for defenses
Abstract
AI-based defensive solutions are necessary to defend networks and information assets against intelligent automated attacks. Gathering enough realistic data for training machine learning-based defenses is a significant practical challenge. An intelligent red teaming agent capable of performing realistic attacks can alleviate this problem. However, there is little scientific evidence demonstrating the feasibility of fully automated attacks using machine learning. In this work, we exemplify the potential threat of malicious actors using deep reinforcement learning to train automated agents. We present an agent that uses a state-of-the-art reinforcement learning algorithm to perform local privilege escalation. Our results show that the autonomous agent can escalate privileges in a Windows 7 environment using a wide variety of different techniques depending on the environment configuration…
