Cybersecurity practitioners require alternative approaches and tools for combating the emerging security threats worldwide. How effective are current penetration testing (PT) training modules in cybersecurity degree and certification programs for exploring vulnerabilities in worldwide networks? Ghanem et al. propose a new hierarchical reinforcement learning (HRL) framework for intelligently automating cumbersome, repetitive testing processes, to provide more robust PT for large and complicated networks.
The authors review recent research efforts that apply artificial intelligence (AI) techniques to automate and optimize PT. Indeed, previous research results are perhaps inadequate for intelligently forecasting the trends and improving the policies of transition states for PT in huge complex networks. Hence, the authors advocate an intelligent automated PT framework (IAPTF) with an HRL that applies data-centered security logistics, to partition and test huge networks in small network clusters and to make the PT of the security of humongous networks more efficient and effective.
Specifically, to overcome the scalability and performance issues associated with partially observed Markov decision processes (POMDP) to resolve security testing issues in medium and large networks, the authors perform experiments that apply HRL to represent complicated PT domains. The experimental investigations use IAPTF to partition networks into individual security clusters, and then process and combine all penetration attacks from network security clusters to insure the coverage and effectiveness of the network security PT. The experimental results reveal that IAPTF is valuable in the reportage and effective PT of security vulnerabilities in large networks.
The authors recognize the limitations of the research by posing a major unresolved challenge: How should the coverage of security attacks be minimized without compromising the difficult hidden hacker attacks in real-world medium and large networks? Cybersecurity experts, researchers, and educators should read this timely paper as it highlights many unresolved practical and theoretical questions.