Over View
Penetration Testing is a hot topic in cybersecurity because it allows businesses to understand their weaknesses and strengths in their network. Every week or so in the news there is always some corporation that was breached because of weaknesses in their network or even ignorance. A breach could be caused by something as simple as a misconfiguration or being plagued by vulnerabilities. A Pen testers job is to simulate a cyber attack against businesses to both find weaknesses and verify that the businesses defenses can detect and respond to attacks.
In most cases, penetration tests require trained professionals to mostly do a manual attack on a corporation’s network. Penetration tests can cost a significant amount of money and time to be conducted. As a result of the cost, many businesses opt out of hiring penetration testers because they do not want to spend the money. In most cases when a breach occurs it is shown that it would of been cheaper to hire a firm to conduct a penetration test rather than the money and trust lost from a breach. Because of this ignorance, the goal of this project is to develop an agent that can automatically conduct penetration tests and help an organization determine weaknesses in their network.
The project aims to use Reinforcement Learning to allow an agent to be able to conduct penetration tests without a human operator. This will allow organizations to save both time and money. Not to mention, since penetration testers are human, they tend to make mistakes. This includes accidentally attacking parts of their infrastructure that could be considered out of scope or even missing critical weaknesses in their defense that could soon result in a severe breach.
Current Team Members:
Samuel Zurowski
Jordan Zimmitti
Andrew Mahr
Connor Blanchfield-Tomaszewski
PI: Vahid Behzadan
Affiliate Research Groups:
UNH Cyber Forensics Research & Education Group (UNHcFREG)
Tools and Datasets:
N/A – In the future
Publications:
N/A – In the future