Domain-Independent Intelligent Planning Technology and Its Application to Automated Penetration Testing Oriented Attack Path Discovery

Yichao ZHANG; Tianyang ZHOU; Junhu ZHU; Qingxian WANG

doi:10.11999/JEIT191056

Volume 42 Issue 9

Sep. 2020

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2020 > 42(9): 2095-2107

Yichao ZHANG, Tianyang ZHOU, Junhu ZHU, Qingxian WANG. Domain-Independent Intelligent Planning Technology and Its Application to Automated Penetration Testing Oriented Attack Path Discovery[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2095-2107. doi: 10.11999/JEIT191056

Citation:

Yichao ZHANG, Tianyang ZHOU, Junhu ZHU, Qingxian WANG. Domain-Independent Intelligent Planning Technology and Its Application to Automated Penetration Testing Oriented Attack Path Discovery[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2095-2107. doi: 10.11999/JEIT191056

Citation:

Yichao ZHANG, Tianyang ZHOU, Junhu ZHU, Qingxian WANG. Domain-Independent Intelligent Planning Technology and Its Application to Automated Penetration Testing Oriented Attack Path Discovery[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2095-2107. doi: 10.11999/JEIT191056

PDF( 443 KB)

Domain-Independent Intelligent Planning Technology and Its Application to Automated Penetration Testing Oriented Attack Path Discovery

doi: 10.11999/JEIT191056

1.
State Key Laboratory of Mathematical Engineering and Advanced Computing, Information & Engineering University, Zhengzhou 450001, China
2.
National Engineering Technology Research Center of the National Digital Switching System, Zhengzhou 450001, China

Funds: The National Natural Science Foundation of China (61502528)

Received Date: 2019-12-31
Rev Recd Date: 2020-03-17

Available Online: 2020-07-21

Publish Date: 2020-09-27

Abstract

Abstract

Attack path discovery is an important research direction in automated penetration testing area. This paper introduces the research progress of domain independent intelligent planning technology and its application to the field of automated penetration testing oriented attack paths discovery. Firstly, the basic concept of attack path discovery is introduced and the related algorithms are divided into domain-specific and domain-independent intelligent planning based attack path discovery algorithms separately. Secondly, the domain-independent planning algorithms are classified into deterministic planning, uncertain planning and game planning, where each of which is described from principle, development and application aspect in detail. Thirdly, this paper summarizes the characteristics of automated penetration testing and compares the advantages and disadvantages of domain independent intelligent planning algorithms adopted in automated penetration testing. Lastly, the development of automated penetration testing oriented attack path discovery is prospected. It is hoped that this paper could contribute future research works on attack path discovery.
- Domain independent intelligent planning technology,
- Automated penetration testing,
- Attack path discovery

FullText(HTML)

References(72)

References

KRUTZ R L and VINES R D. The CISSP and CAP Prep guide: Platinum Edition[M]. New Jersey: Wiley, 2007.

STEFINKO Y, PISKOZUB A, and BANAKH R. Manual and automated penetration testing. Benefits and drawbacks. Modern tendency[C]. The 13th International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science, Lviv, Ukraine, 2016: 488–491. doi: 10.1109/tcset.2016.7452095.

ABU-DABASEH F and ALSHAMMARI E. Automated penetration testing: An overview[C]. The 4th International Conference on Natural Language Computing, Copenhagen, Denmark, 2018: 121–129.

MCDERMOTT J P. Attack net penetration testing[C]. 2000 Workshop on New Security Paradigms, Ballycotton, Ireland, 2001: 15–21. doi: 10.1145/366173.366183.

诸葛建伟, 陈力波, 孙松柏, 等. Metasploit渗透测试魔鬼训练营[M]. 北京: 机械工业出版社, 2013: 3–4.

ZHUGE Jianwei, CHEN Libo, SUN Songbai, et al. Penetration Testing Devil Training Camp Based on Metasploit[M]. Beijing: China Machine Press, 2013: 3–4.

POLATIDIS N, PAVLIDIS M, and MOURATIDIS H. Cyber-attack path discovery in a dynamic supply chain maritime risk management system[J]. Computer Standards & Interfaces, 2018, 56: 74–82. doi: 10.1016/j.csi.2017.09.006

李庆华, 尤越, 沐雅琪, 等. 一种针对大型凹型障碍物的组合导航算法[J]. 电子与信息学报, 2020, 42(4): 917–923. doi: 10.11999/JEIT190179

LI Qinghua, YOU Yue, MU Yaqi, et al. Integrated navigation algorithm for large concave obstacles[J]. Journal of Electronics &Information Technology, 2020, 42(4): 917–923. doi: 10.11999/JEIT190179

BIALEK Ł, DUNIN-KĘPLICZ B, and SZAŁAS A. A paraconsistent approach to actions in informationally complex environments[J]. Annals of Mathematics and Artificial Intelligence, 2019, 86(4): 231–255. doi: 10.1007/s10472-019-09627-9

AMMANN P, WIJESEKERA D, and KAUSHIK S. Scalable, Graph-based network vulnerability analysis[C]. The 9th ACM Conference on Computer and Communications Security, Washington, USA, 2002: 217–224. doi: 10.1145/586110.586140.

CHEN Feng, LIU Dehui, ZHANG Yi, et al. A scalable approach to analyzing network security using compact attack graphs[J]. Journal of Networks, 2010, 5(5): 543–550. doi: 10.4304/jnw.5.5.543-550

OU Xinming, GOVINDAVAJHALA S, and APPEL A W. MulVAL: A logic-based network security analyzer[C]. The 14th Conference on USENIX Security Symposium, Baltimore, USA, 2005: 113–128.

WANG Lingyu, YAO Chao, SINGHAL A, et al. Interactive analysis of attack graphs using relational queries[C]. The 20th Annual Conference on Data and Applications Security and Privacy, Sophia Antipolis, France, 2006: 119–132. doi: 10.1007/11805588_9.

LI Wei, VAUGHN R B, and DANDASS Y S. An approach to model network exploitations using exploitation graphs[J] Simulation, 2006, 82(8): 523–541. doi: 10.1177/0037549706072046.

MAHDAVI A and CARVALHO M. Optimal trajectory and schedule planning for autonomous guided vehicles in flexible manufacturing system[C]. The 2nd IEEE International Conference on Robotic Computing, Laguna Hills, USA, 2018: 167–172. doi: 10.1109/irc.2018.00034.

MA Xiaobai, JIAO Ziyuan, WANG Zhenkai, et al. 3-D decentralized prioritized motion planning and coordination for high-density operations of micro aerial vehicles[J]. IEEE Transactions on Control Systems Technology, 2018, 26(3): 939–953. doi: 10.1109/tcst.2017.2699165

ZANG Yichao, ZHOU Tianyang, GE Xiaoyue, et al. An improved attack path discovery algorithm through compact graph planning[J]. IEEE Access, 2019, 7: 59346–59356. doi: 10.1109/access.2019.2915091

BODDY M S, GOHDE J, HAIGH T, et al. Course of action generation for cyber security using classical planning[C]. The 15th International Conference on Automated Planning and Scheduling, Monterey, USA, 2005: 12–21.

GARRETT C R, LOZANO-PÉREZ T, and KAELBLING L P. FFRob: Leveraging symbolic planning for efficient task and motion planning[J]. The International Journal of Robotics Research, 2018, 37(1): 104–136. doi: 10.1177/0278364917739114

KAUTZ H A and SELMAN B. Unifying SAT-based and graph-based planning[C]. The 16th International Joint Conference on Artificial Intelligence, Stockholm, Sweden, 1999: 318–325.

DO M B and KAMBHAMPATI S. Planning as constraint satisfaction: Solving the planning graph by compiling it into CSP[J]. Artificial Intelligence, 2001, 132(2): 151–182. doi: 10.1016/s0004-3702(01)00128-x

BAIOLETTI M, MARCUGINI S, and MILANI A. DPPlan: An algorithm for fast solutions extraction from a planning graph[C]. The 5th International Conference on Artificial Intelligence Planning Systems, Breckenridge, USA, 2000: 13–21.

BARRETT A and WELD D S. Partial-order planning: Evaluating possible efficiency gains[J]. Artificial Intelligence, 1994, 67(1): 71–112. doi: 10.1016/0004-3702(94)90012-4

NGUYEN X L and KAMBHAMPATI S. Reviving partial order planning[C]. The 17th International Joint Conference on Artificial Intelligence, Seattle, USA. 2001: 459–466.

YOUNES H L S and SIMMONS R G. VHPOP: Versatile heuristic partial order planner[J]. Journal of Artificial Intelligence Research, 2003, 20: 405–430. doi: 10.1613/jair.1136

COLES A J, COLES A, FOX M, et al. Forward-chaining partial-order planning[C]. The 20th International Conference on Automated Planning and Scheduling, Toronto, Canada, 2010: 42–49.

BOUTILIER C and BRAFMAN R I. Partial-order planning with concurrent interacting actions[J]. Journal of Artificial Intelligence Research, 2001, 14: 105–136. doi: 10.1613/jair.740

MOHR F, WEVER M, and HÜLLERMEIER E. ML-Plan: Automated machine learning via hierarchical planning[J]. Machine Learning, 2018, 107(8–10): 1495–1515. doi: 10.1007/s10994-018-5735-z

DE SILVA L, PADGHAM L, and SARDINA S. HTN-like solutions for classical planning problems: An application to BDI agent systems[J]. Theoretical Computer Science, 2019, 763: 12–37. doi: 10.1016/j.tcs.2019.01.034

SOHN S, OH J, and LEE H. Hierarchical reinforcement learning for zero-shot generalization with subtask dependencies[C]. The 32nd Conference on Neural Information Processing Systems, Montréal, Canada, 2018: 7156–7166.

MU Chengpo and LI Yingjiu. An intrusion response decision-making model based on hierarchical task network planning[J]. Expert Systems with Applications, 2010, 37(3): 2465–2472. doi: 10.1016/j.eswa.2009.07.079

ONTAÑÓN S and BURO M. Adversarial hierarchical-task network planning for complex real-time games[C]. The 24th International Joint Conference on Artificial Intelligence, Buenos Aires, Argentina, 2015: 1652–1658.

FU JICHENG, NG V, BASTANI F B, et al. Simple and fast strong cyclic planning for fully-observable nondeterministic planning problems[C]. The 22nd International Joint Conference on Artificial Intelligence, Barcelona, Spain, 2011: 1949–1954. doi: 10.1007/s10472-016-9517-7.

KOLOBOV A, MAUSAM M, and Weld D S. LRTDP versus UCT for online probabilistic planning[C]. The 26th AAAI Conference on Artificial Intelligence, Toronto, Canada, 2012: 1786–1792.

YOON S, FERN A, GIVAN R, et al. Probabilistic planning via determinization in hindsight[C]. The 23rd AAAI Conference on Artificial Intelligence, Chicago, USA, 2008: 1010–1016.

CIMATTI A, PISTORE M, ROVERI M, et al. Weak, strong, and strong cyclic planning via symbolic model checking[J]. Artificial Intelligence, 2003, 147(1/2): 35–84. doi: 10.1016/s0004-3702(02)00374-0

MUISE C J, MCILRAITH S A, and BECK J C. Improved non-deterministic planning by exploiting state relevance[C]. The 22nd International Conference on Automated Planning and Scheduling, Atibaia, Brazil, 2012: 172–180.

MUISE C J, MCILRAITH S A, and BELLE V. Non-deterministic planning with conditional effects[C]. The 24th International Conference on Automated Planning and Scheduling, Portsmouth, USA, 2014: 370–374.

李洋, 文中华, 伍小辉, 等. 求最小期望权值强循环规划解[J]. 计算机科学, 2015, 42(4): 217–220, 257. doi: 10.11896/j.issn.1002-137X.2015.04.044

LI Yang, WEN Zhonghua, WU Xiaohui, et al. Solving strong cyclic planning with minimal expectation weight[J]. Computer Science, 2015, 42(4): 217–220, 257. doi: 10.11896/j.issn.1002-137X.2015.04.044

唐杰, 文中华, 汪泉, 等. 不确定可逆规划的强循环规划解[J]. 计算机研究与发展, 2013, 50(9): 1970–1980. doi: 10.7544/issn1000-1239.2013.20130404

TANG Jie, WEN Zhonghua, WANG Quan, et al. Solving strong cyclic planning in nondeterministic reversible planning domain[J]. Journal of Computer Research and Development, 2013, 50(9): 1970–1980. doi: 10.7544/issn1000-1239.2013.20130404

KUSHMERICK N, HANKS S, and WELD D S. An algorithm for probabilistic planning[J]. Artificial Intelligence, 1995, 76(1/2): 239–286. doi: 10.1016/0004-3702(94)00087-H

YOON S W, FERN A, and GIVAN R. FF-Replan: A baseline for probabilistic planning[C]. The 17th International Conference on Automated Planning and Scheduling, Providence, USA, 2007: 352–359.

YOON S, RUML W, BENTON J, et al. Improving determinization in hindsight for on-line probabilistic planning[C]. The 20th International Conference on Automated Planning and Scheduling, Toronto, Canada, 2010: 209–216.

ISSAKKIMUTHU M, FERN A, KHARDON R, et al. Hindsight optimization for probabilistic planning with factored actions[C]. The 25th International Conference on Automated Planning and Scheduling, Jerusalem, Israel, 2015: 120–128.

BRYCE D, KAMBHAMPATI S, and SMITH D E. Sequential Monte Carlo in probabilistic planning reachability heuristics[C]. The 16th International Conference on Automated Planning and Scheduling, Cumbria, UK, 2006: 233–242.

TREVIZAN F W, THIÉBAUX S, and HASLUM P. Occupation measure heuristics for probabilistic planning[C]. The 27th International Conference on Automated Planning and Scheduling, Pittsburgh, USA, 2017: 306–315.

DURKOTA K and LISÝ V. Computing optimal policies for attack graphs with action failures and costs[C]. The 7th European Starting AI Researcher Symposium, Prague, Czech Republic, 2014: 101–110.

SUN Wen, GORDON G J, BOOTS B, et al. Dual policy iteration[C]. The 32nd Conference on Neural Information Processing Systems, Montréal, Canada, 2018: 7059–7069.

HOUTHOOFT R, CHEN R Y, ISOLA P, et al. Evolved policy gradients[C]. The 32nd International Conference on Neural Information Processing Systems, Montréal, Canada, 2018: 5405–5414.

LIU Huaping, WU Yupei, and SUN Fuchun. Extreme trust region policy optimization for active object recognition[J]. IEEE Transactions on Neural Networks and Learning Systems, 2018, 29(6): 2253–2258. doi: 10.1109/TNNLS.2017.2785233

SRINIVASAN S, LANCTOT M, ZAMBALDI V, et al. Actor-critic policy optimization in partially observable multiagent environments[C]. The 32nd Conference on Neural Information Processing Systems, Montréal, Canada, 2018: 3422–3435.

KANG Qinma, ZHOU Huizhuo, and KANG Yunfan. An asynchronous advantage actor-critic reinforcement learning method for stock selection and portfolio management[C]. The 2nd International Conference on Big Data Research, Weihai, China, 2018: 141–145. doi: 10.1145/3291801.3291831.

TAN Fuxiao and GUAN Xinping. Kernel-based adaptive critic designs for optimal control of nonlinear discrete-time system[C]. The 37th Chinese Control Conference, Wuhan, China, 2018: 2167–2172. doi: 10.23919/chicc.2018.8482778.

TAYLOR G and PARR R. Kernelized value function approximation for reinforcement learning[C]. The 26th Annual International Conference on Machine Learning, Montreal, Canada, 2009: 1017–1024. doi: 10.1145/1553374.1553504.

SARRAUTE C, BUFFET O, and HOFFMANN J. Penetration testing== POMDP solving?[C]. 2011 IJCAI Workshop on Intelligent Security, Barcelona, Spain, 2011: 66–73.

SMALLWOOD R D and SONDIK E J. The optimal control of partially observable Markov processes over a finite horizon[J]. Operations Research, 1973, 21(5): 1071–1088. doi: 10.1287/opre.21.5.1071

CHENG H T. Algorithms for partially observable Markov decision processes[D]. [Ph. D. dissertation], The University of British Columbia, 1988. doi: 10.14288/1.0098252.

PINEAU J, GORDON G, and THRUN S. Point-based value iteration: An anytime algorithm for POMDPs[C]. The 18th International Joint Conference on Artificial Intelligence, Acapulco, Mexico, 2003: 1025–1032.

LIU Bingbing, KANG Yu, JIANG Xiaofeng, et al. A fast approximation method for partially observable Markov decision processes[J]. Journal of Systems Science and Complexity, 2018, 31(6): 1423–1436. doi: 10.1007/s11424-018-7038-7

KURNIAWATI H, HSU D, LEE W S. SARSOP: Efficient point-based POMDP planning by approximating optimally reachable belief spaces[C]. The Robotics: Science and Systems IV, Zurich, Switzerland, 2008: 65–72. doi: 10.15607/RSS.2008.IV.009.

SARRAUTE C, BUFFET O, and HOFFMANN J. POMDPs make better hackers: Accounting for uncertainty in penetration testing[C]. The 26th AAAI Conference on Artificial Intelligence, Toronto, Canada, 2012: 1816–1824.

王刚, 胡鑫, 马润年, 等. 集体防御机制下的网络行动同步建模和稳定性[J]. 电子与信息学报, 2018, 40(6): 1515–1519. doi: 10.11999/JEIT170619

WANG Gang, HU Xin, MA Runnian, et al. Synchronization modeling and stability of cyberspace operation based on collective defensive mechanism[J]. Journal of Electronics &Information Technology, 2018, 40(6): 1515–1519. doi: 10.11999/JEIT170619

LYE K W and WING J M. Game strategies in network security[J]. International Journal of Information Security, 2005, 4(1/2): 71–86. doi: 10.1007/s10207-004-0060-x

姜伟, 方滨兴, 田志宏, 等. 基于攻防博弈模型的网络安全测评和最优主动防御[J]. 计算机学报, 2009, 32(4): 817–827. doi: 10.3724/SP.J.1016.2009.00817

JIANG Wei, FANG Binxing, TIAN Zhihong, et al. Evaluating network security and optimal active defense based on attack-defense game model[J]. Chinese Journal of Computers, 2009, 32(4): 817–827. doi: 10.3724/SP.J.1016.2009.00817

王晋东, 余定坤, 张恒巍, 等. 静态贝叶斯博弈主动防御策略选取方法[J]. 西安电子科技大学学报: 自然科学版, 2016, 43(1): 144–150. doi: 10.3969/j.issn.1001-2400.2016.01.026

WANG Jindong, YU Dingkun, ZHANG Hengwei, et al. Active defense strategy selection based on the static Bayesian game[J]. Journal of Xidian University, 2016, 43(1): 144–150. doi: 10.3969/j.issn.1001-2400.2016.01.026

王元卓, 林闯, 程学旗, 等. 基于随机博弈模型的网络攻防量化分析方法[J]. 计算机学报, 2010, 33(9): 1748–1762. doi: 10.3724/SP.J.1016.2010.01748

WANG Yuanzhuo, LIN Chuang, CHENG Xueqi, et al. Analysis for network attack-defense based on stochastic game model[J]. Chinese Journal of Computers, 2010, 33(9): 1748–1762. doi: 10.3724/SP.J.1016.2010.01748

CUI Xiaolin, TAN Xiaobin, ZHANG Yong, et al. A Markov game theory-based risk assessment model for network information system[C]. 2008 International Conference on Computer Science and Software Engineering, Hubei, China, 2008: 1057–1061. doi: 10.1109/csse.2008.949.

LI Tao, WANG Jindong, CHEN Yu, et al. A multi-stage game approach applied to network security risk controlling[C]. The 2nd IEEE Advanced Information Technology, Electronic and Automation Control Conference, Chongqing, China, 2017: 2518–2522. doi: 10.1109/iaeac.2017.8054477.

黄健明, 张恒巍, 王晋东, 等. 基于攻防演化博弈模型的防御策略选取方法[J]. 通信学报, 2017, 38(1): 168–176. doi: 10.11959/j.issn.1000-436x.2017019

HUANG Jianming, ZHANG Hengwei, Wang Jindong, et al. Defense strategies selection based on attack-defense evolutionary game model[J]. Journal on Communications, 2017, 38(1): 168–176. doi: 10.11959/j.issn.1000-436x.2017019

张恒巍, 李涛. 基于多阶段攻防信号博弈的最优主动防御[J]. 电子学报, 2017, 45(2): 431–439. doi: 10.3969/j.issn.0372-2112.2017.02.023

ZHANG Hengwei and LI Tao. Optimal active defense based on multi-stage attack-defense signaling game[J]. Acta Electronica Sinica, 2017, 45(2): 431–439. doi: 10.3969/j.issn.0372-2112.2017.02.023

朱建明, 宋彪, 黄启发. 基于系统动力学的网络安全攻防演化博弈模型[J]. 通信学报, 2014, 35(1): 54–61. doi: 10.3969/j.issn.1000-436x.2014.01.007

ZHU Jianming, SONG Biao, and HUANG Qifa. Evolution game model of offense-defense for network security based on system dynamics[J]. Journal on Communications, 2014, 35(1): 54–61. doi: 10.3969/j.issn.1000-436x.2014.01.007

VADLAMUDI S G, SENGUPTA S, TAGUINOD M, et al. Moving target defense for web applications using Bayesian stackelberg games: (Extended Abstract)[C]. The 2016 International Conference on Autonomous Agents & Multiagent Systems, Singapore, 2016: 1377–1378.

YUAN Yuan, SUN Fuchun, and LIU Huaping. Resilient control of cyber-physical systems against intelligent attacker: A hierarchal stackelberg game approach[J]. International Journal of Systems Science, 2016, 47(9): 2067–2077. doi: 10.1080/00207721.2014.973467

Relative Articles

Supplements(0)

Cited By

Proportional views