AI application framework for automatic vulnerabilities exploit
DOI: https://doi.org/10.54654/isj.v1i13.234
Keywords: Penetration testing, Vulnerability analysis, Reinforcement learning, automated exploitation
Abstract
Abstract (translated from the Vietnamese)—Currently, the task of assessing the security of information systems plays an important role in ensuring information security. Vulnerability assessment/exploitation needs to be carried out regularly and at many different levels for information systems. However, this task faces many difficulties in large-scale deployment because of a shortage of qualified testing experts at the various levels. In this paper, we present research on developing a Framework that can automatically reconnoiter information and automatically select exploit modules to attack the target based on Reinforcement Learning technology. In addition, the Framework can quickly incorporate new vulnerability exploitation methods, giving good support to staff responsible for information systems who are not security experts, so that they can automatically assess their own systems in order to reduce the risk from cyber attacks.
Abstract—Currently, security assessment is one of the most important problems in information security. Vulnerability assessment/exploitation should be performed regularly, at different levels of complexity, for each information system. However, this task faces many difficulties in large-scale deployment due to the lack of experienced testing experts. In this paper, we propose a Framework that can automatically gather information and automatically select a suitable module to exploit the target based on reinforcement learning technology. Furthermore, our framework integrates many scanning and exploitation tools that help pentesters do their work. It can also be easily updated with new vulnerability exploitation techniques.
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Proposed Policy for Journals That Offer Delayed Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).