Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Hierarchical reinforcement learning for efficient and effective automated penetration testing of large networks
Ghanem M., Chen T., Nepomuceno E. Journal of Intelligent Information Systems60 1-23,2023.Type:Article
Date Reviewed: Dec 18 2023

Cybersecurity practitioners require alternative approaches and tools for combating the emerging security threats worldwide. How effective are current penetration testing (PT) training modules in cybersecurity degree and certification programs for exploring vulnerabilities in worldwide networks? Ghanem et al. propose a new hierarchical reinforcement learning (HRL) framework for intelligently automating cumbersome, repetitive testing processes, to provide more robust PT for large and complicated networks.

The authors review recent research efforts that apply artificial intelligence (AI) techniques to automate and optimize PT. Indeed, previous research results are perhaps inadequate for intelligently forecasting the trends and improving the policies of transition states for PT in huge complex networks. Hence, the authors advocate an intelligent automated PT framework (IAPTF) with an HRL that applies data-centered security logistics, to partition and test huge networks in small network clusters and to make the PT of the security of humongous networks more efficient and effective.

Specifically, to overcome the scalability and performance issues associated with partially observed Markov decision processes (POMDP) to resolve security testing issues in medium and large networks, the authors perform experiments that apply HRL to represent complicated PT domains. The experimental investigations use IAPTF to partition networks into individual security clusters, and then process and combine all penetration attacks from network security clusters to insure the coverage and effectiveness of the network security PT. The experimental results reveal that IAPTF is valuable in the reportage and effective PT of security vulnerabilities in large networks.

The authors recognize the limitations of the research by posing a major unresolved challenge: how should the coverage of security attacks be minimized without compromising the difficult hidden hacker attacks in real-world medium and large networks? Cybersecurity experts, researchers, and educators should read this timely paper as it highlights many unresolved practical and theoretical questions.

Reviewer:  Amos Olagunju Review #: CR147678
Bookmark and Share
  Featured Reviewer  
Learning (I.2.6 )
Security and Protection (C.2.0 ... )
Would you recommend this review?
Other reviews under "Learning": Date
Learning in parallel networks: simulating learning in a probabilistic system
Hinton G. (ed) BYTE 10(4): 265-273, 1985. Type: Article
Nov 1 1985
Macro-operators: a weak method for learning
Korf R. Artificial Intelligence 26(1): 35-77, 1985. Type: Article
Feb 1 1986
Inferring (mal) rules from pupils’ protocols
Sleeman D.  Progress in artificial intelligence (, Orsay, France,391985. Type: Proceedings
Dec 1 1985

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy