ExploitFlow, cyber security exploitation routes for Game Theory and AI research in robotics

TL;DR

ExploitFlow is a modular AI and Game Theory-driven library designed to automate cyber security exploits, enabling advanced research in robotics and AI security with promising results from reinforcement learning agents.

Contribution

Introduction of ExploitFlow, a novel modular library that automates cyber exploits and facilitates AI and Game Theory research in cybersecurity and robotics.

Findings

EF effectively explores machine learning in robot cybersecurity.

Reinforcement Learning agents using EF outperform brute-force and human experts.

Identified limitations include overfitting and dataset scarcity.

Abstract

This paper addresses the prevalent lack of tools to facilitate and empower Game Theory and Artificial Intelligence (AI) research in cybersecurity. The primary contribution is the introduction of ExploitFlow (EF), an AI and Game Theory-driven modular library designed for cyber security exploitation. EF aims to automate attacks, combining exploits from various sources, and capturing system states post-action to reason about them and understand potential attack trees. The motivation behind EF is to bolster Game Theory and AI research in cybersecurity, with robotics as the initial focus. Results indicate that EF is effective for exploring machine learning in robot cybersecurity. An artificial agent powered by EF, using Reinforcement Learning, outperformed both brute-force and human expert approaches, laying the path for using ExploitFlow for further research. Nonetheless, we identified several limitations in EF-driven agents, including a propensity to overfit, the scarcity and production cost of datasets for generalization, and challenges in interpreting networking states across varied security settings. To leverage the strengths of ExploitFlow while addressing identified shortcomings, we present Malism, our vision for a comprehensive automated penetration testing framework with ExploitFlow at its core.