Raij\=u: Reinforcement Learning-Guided Post-Exploitation for Automating Security Assessment of Network Systems

TL;DR

Raijū introduces a reinforcement learning framework that automates post-exploitation steps in network security assessments, significantly improving efficiency and success rates in simulated environments.

Contribution

It presents a novel RL-driven automation framework for post-exploitation, integrating RL algorithms with attack modules to assist penetration testers.

Findings

Achieved over 84% success rate in automated attacks

RL agents effectively select actions for post-exploitation tasks

A2C algorithm outperforms PPO in action selection

Abstract

In order to assess the risks of a network system, it is important to investigate the behaviors of attackers after successful exploitation, which is called post-exploitation. Although there are various efficient tools supporting post-exploitation implementation, no application can automate this process. Most of the steps of this process are completed by experts who have profound knowledge of security, known as penetration testers or pen-testers. To this end, our study proposes the Raij\=u framework, a Reinforcement Learning (RL)-driven automation approach that assists pen-testers in quickly implementing the process of post-exploitation for security-level evaluation in network systems. We implement two RL algorithms, Advantage Actor-Critic (A2C) and Proximal Policy Optimization (PPO), to train specialized agents capable of making intelligent actions, which are Metasploit modules to automatically launch attacks of privileges escalation, gathering hashdump, and lateral movement. By leveraging RL, we aim to empower these agents with the ability to autonomously select and execute actions that can exploit vulnerabilities in target systems. This approach allows us to automate certain aspects of the penetration testing workflow, making it more efficient and responsive to emerging threats and vulnerabilities. The experiments are performed in four real environments with agents trained in thousands of episodes. The agents automatically select actions and launch attacks on the environments and achieve over 84\% of successful attacks with under 55 attack steps given. Moreover, the A2C algorithm has proved extremely effective in the selection of proper actions for automation of post-exploitation.