摘要
传统的渗透测试方式依赖测试人员的经验,而自动化测试通常基于已知的攻击模式和漏洞库,因此在面对复杂的网络场景时,难以实施灵活高效的渗透测试。针对上述问题,利用人工智能技术赋能自动化渗透测试,提出了基于强化认知决策的智能化渗透测试方案,通过拆解渗透攻击的各个阶段并提取攻击单元,设计迭代运行的系统架构,动态生成攻击行为,针对复杂的网络环境,利用强化学习实现攻击决策智能体的自进化学习,实现高效的智能化渗透测试。
Traditional penetration testing relies on the expertise of engineers,while automatic testing based on known attack patterns and vulnerability databases lacks the flexibility and efficiency to address complex network scenarios.To address these challenges,it proposes an intelligent penetration testing approach empowered by artificial intelligence techniques,based on reinforcement cognition decision-making.By decomposing the penetration attack into various stages and extracting attack units,an iterative system architecture is designed to dynamically generate attack behaviors.To tackle complex network environments,a reinforcement learning-based approach is employed to enable self-evolution capabilities of the attack decision-making agent,achieving efficient intelligent penetration testing.
作者
张小梅
郑涛
李长连
刘兵
熊琛
王昭顺
Zhang Xiaomei;Zheng Tao;Li Changlian;Liu Bing;Xiong Chen;Wang Zhaoshun(China United Network Communications Group Co.,Ltd.,Beijing 100033,China;China Information Technology Designing&Consulting Institute Co.,Ltd.,Beijing 100048,China;Bei-jing Moyun Technology Co.,Ltd.,Beijing 100094,China;University of Science and Technology Beijing,Beijing 100083,China)
出处
《邮电设计技术》
2024年第8期1-7,共7页
Designing Techniques of Posts and Telecommunications
关键词
渗透测试
强化认知决策
攻击决策智能体
自进化学习
智能化渗透测试
Penetration test
Reinforcement cognition and decision-making
Attack decision-making agent
Self-evolution learning
Intelligent penetration testing
