Evaluation of Reinforcement Learning for Autonomous Penetration Testing using A3C, Q-learning and DQN

TL;DR

This paper evaluates reinforcement learning algorithms, specifically A3C, Q-learning, and DQN, for automating penetration testing tasks within a simulated environment, demonstrating A3C's superior performance and generalization capabilities.

Contribution

It introduces the application of RL algorithms to penetration testing scenarios and shows A3C's effectiveness in solving security challenges with fewer actions than traditional methods.

Findings

A3C successfully solved all tested scenarios.

A3C required fewer actions than baseline automated testing.

Hyperparameter tuning improved RL agent performance.

Abstract

Penetration testing is the process of searching for security weaknesses by simulating an attack. It is usually performed by experienced professionals, where scanning and attack tools are applied. By automating the execution of such tools, the need for human interaction and decision-making could be reduced. In this work, a Network Attack Simulator (NASim) was used as an environment to train reinforcement learning agents to solve three predefined security scenarios. These scenarios cover techniques of exploitation, post-exploitation and wiretapping. A large hyperparameter grid search was performed to find the best hyperparameter combinations. The algorithms Q-learning, DQN and A3C were used, whereby A3C was able to solve all scenarios and achieve generalization. In addition, A3C could solve these scenarios with fewer actions than the baseline automated penetration testing. Although the training was performed on rather small scenarios and with small state and action spaces for the agents, the results show that a penetration test can successfully be performed by the RL agent.