Automated Post-Breach Penetration Testing through Reinforcement Learning

Outlet Title

2020 IEEE Conference on Communications and Network Security (CNS)

Predicting cyber attacks on networks is an ever-present challenge in the security domain. The rapid growth of Artificial Intelligence (AI) has made this even more challenging, as machine learning algorithms are now used to attack such systems while defense systems continue to protect them with traditional approaches. Penetration testing (pentest) has long been one way to prevent security breaches by mimicking black hat hackers to expose possible exploits and vulnerabilities. Using trained machine learning agents to automate this process is an important research area that still needs to be explored. The objective of this paper is to apply machine learning in the post-exploitation phase of penetration testing to assess the vulnerability of the system and hence contribute to the automation of penetration testing. We train the agent using reinforcement learning by providing an appropriate environment to explore a compromised network and find sensitive files. By utilizing several different network environments during training, we hope to generalize our agent as much as possible, allowing for more widespread application. Extended research may include training our agent for further lateral exploration and exploitation in the system.