The complexity of Markov decision processes
Mathematics of Operations Research
Complexity of finite-horizon Markov decision process problems
Journal of the ACM (JACM)
| Hi-index | 0.00 |
In this work we consider the problem of automatically designing a penetration test plan that can be executed remotely, without prior knowledge of the target machine or network. We develop a methodology for generating and executing remote testing plans that takes into account the uncertainty of using remote tools both to gain knowledge of the system and to provide the penetration testing actions. Our solution provides automated generation of multi-step penetration test plans that are robust to uncertainty during execution. We tackle this problem by making use of modeling techniques from partially observable Markov decision processes (POMDPs). We automate this process by taking advantage of efficient solutions for solving POMDPs, and further, automatically derive these models through automated access to vulnerability databases such as the national vulnerabilities database (NVD). We demonstrate our implemented solution on a series of example problems.