2019
DOI: 10.1631/fitee.1800532
|View full text |Cite
|
Sign up to set email alerts
|

NIG-AP: a new method for automated penetration testing

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
1
0
2

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
4
1

Relationship

0
10

Authors

Journals

citations
Cited by 26 publications
(7 citation statements)
references
References 14 publications
0
1
0
2
Order By: Relevance
“…Qiu et al [14] developed an automated penetration testing algorithm that exploited vulnerabilities based on a scanning report. Zhou et al [36] proposed the Network Information Gain Based Automated Attack Planning (NIG-AP) algorithm to automate penetration testing phases that use the reward system. Minh et al [37], meanwhile, automated vulnerability assessments at the commit level, triggering them with each new commit made to the codebase.…”
Section: Benchmarks Targetsmentioning
confidence: 99%
“…Qiu et al [14] developed an automated penetration testing algorithm that exploited vulnerabilities based on a scanning report. Zhou et al [36] proposed the Network Information Gain Based Automated Attack Planning (NIG-AP) algorithm to automate penetration testing phases that use the reward system. Minh et al [37], meanwhile, automated vulnerability assessments at the commit level, triggering them with each new commit made to the codebase.…”
Section: Benchmarks Targetsmentioning
confidence: 99%
“…To automate penetration testing, one can extend the RL game defined in the paragraph above to incorporate actions of penetration testing or red teaming tools (A.6.2). In fact, [129] did so to automate penetration testing with the Metasploit framework [5], whereas [76] utilised the PowerShell Empire framework [6] to automate post exploitation activities. Furthermore, researchers have analysed specific tasks of red teaming and attempted to automate them.…”
Section: Automated Red Team Solutionsmentioning
confidence: 99%
“…Провівши аналіз останніх досліджень і публікацій, слід відзначити, що наявні методи проведення активного аналізу захищеності корпоративних мереж в автоматичному режимі використовують різну математичну базу. При цьому, більшість ґрунтується на використанні класичних алгоритмів планування [3], частково спостережуваних та звичайних марківських процесів прийняття рішень [4][5][6][7][8].…”
Section: вступunclassified