MEGA-PT: A Meta-Game Framework for Agile Penetration Testing

TL;DR

MEGA-PT introduces a novel meta-game framework for automated, adaptive, and efficient penetration testing that enhances cybersecurity defenses through micro and macro-level modeling.

Contribution

The paper presents MEGA-PT, a new meta-game framework combining local and network-wide strategies for agile and scalable penetration testing.

Findings

Improved defense strategies demonstrated in experiments.

Enhanced adaptability to network changes.

Effective local and global attack planning.

Abstract

Penetration testing is an essential means of proactive defense in the face of escalating cybersecurity incidents. Traditional manual penetration testing methods are time-consuming, resource-intensive, and prone to human errors. Current trends in automated penetration testing are also impractical, facing significant challenges such as the curse of dimensionality, scalability issues, and lack of adaptability to network changes. To address these issues, we propose MEGA-PT, a meta-game penetration testing framework, featuring micro tactic games for node-level local interactions and a macro strategy process for network-wide attack chains. The micro- and macro-level modeling enables distributed, adaptive, collaborative, and fast penetration testing. MEGA-PT offers agile solutions for various security schemes, including optimal local penetration plans, purple teaming solutions, and risk assessment, providing fundamental principles to guide future automated penetration testing. Our experiments demonstrate the effectiveness and agility of our model by providing improved defense strategies and adaptability to changes at both local and network levels.