This paper presents a novel approach to automated penetration testing using deep reinforcement learning. The proposed approach uses a deep Q-learning network to learn how to generate attack sequences that successfully exploit vulnerabilities in a target system. The approach is evaluated using a simulated environment, and the results show that it is able to find vulnerabilities that are not found by manual penetration testing. The work depends on a set of tools like Deep Q-learning network, MulVAL, Nmap, Virtualization - VirtualBox, Containerization - Docker, National Vulnerability Database (NVD), and CommonVulnerability Scoring System (CVSS). The proposed approach is a significant improvement over traditional automated penetration testing tools. It is able to find vulnerabilities that are not found by manual penetration testing, and it is able to adapt to changes in the target system. Moreover, it has the potential to significantly improve the efficiency and effectiveness of penetration testing, and it could help to make computer systems more secure.

Conference Title

The First International Conference & Expo on Innovation and Sustainability in Engineering & Technology

Conference Country

Palestine

Conference Date

June 14, 2023 - June 15, 2023

Conference Sponsor

Jawwal, Paltel

Additional Info

Conference Website