DiVA

diva-portal.org

Digitala Vetenskapliga Arkivet

EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Penetration Testing Automation with Inverse Soft-Q Learning: An Imitation Learning Method
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2025 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Penetration testing (PT) is a useful technique for vulnerability mining and cybersecurity management that mimics a real hacker’s attack to get vital information from operating systems or make the system inaccessible to users. Given that traditional manual PT relies heavily on specialists’ subject knowledge and is highly time-consuming, its cost is high. Artificial intelligence algorithms like reinforcement learning (RL) and deep reinforcement learning (DRL) have been studied and used in PT to provide efficient and cost-effective methods to handle the challenge. However, existing algorithms are either not able to handle large action and environment spaces or are difficult to train. To solve this, this thesis uses the Inverse Soft-Q Learning (IQ-Learn) algorithm in PT automation, a \emph{state-of-the-art} (SOTA) Imitation Learning algorithm, to lower the training difficulty and improve performance. To be more specific, an artefact is designed and implemented with the design science framework as methodology. The artefact involves generating an expert knowledge base that consists of state-action pairs by interacting with the environment and training the artificial agent with expert data. The artefact is evaluated with extensive simulated experiments. The result shows that the artefact can improve the performance of PT automation.
Place, publisher, year, edition, pages
2025.
Keywords [en]
Penetration testing, Deep reinforcement learning, Imitation Learning, Inverse Soft-Q Learning, Design Science, AI
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:su:diva-242788OAI: oai:DiVA.org:su-242788DiVA, id: diva2:1955720
Available from: 2025-04-30 Created: 2025-04-30

Open Access in DiVA

fulltext(3603 kB)13 downloads
File information
File name FULLTEXT01.pdfFile size 3603 kBChecksum SHA-512
c9312c806b095b89299c34542564dc49ae2a9cd38b520e64aa7455735618333a58dfb8df7340240395b2d2c773f7c7f01cd688715161cd9f3053fd8f1af592e5
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Song, Dongfang
By organisation
Department of Computer and Systems Sciences
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 13 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 31 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
WCAG
|
About DiVA Portal
|
About the DiVA Consortium