Self-Adaptive Penetration Tests with Deep-Reinforced Intelligent Agents
Penetration testing is a key security tactic in which defenders think like an attacker to predict the latter’s actions and develop effective defenses. However, for large-scale cyber-physical infrastructures like the smart grid, traditional penetration tests on individual devices or networks are insufficient to exhaust all potential exploits or to reveal infrastructure-level vulnerabilities invisible to the local system. The project aims to close this gap by developing collaborative autonomous agents that can inspect a large-scale infrastructure to identify critical vulnerabilities that would otherwise be invisible to operators and defenders. To this end, the project will develop innovative deep reinforcement learning agents that automatically conduct penetration tests in complex dynamic environments and adaptively update their strategies to identify the most impactful exploits. The project will deliver a systematic methodology that enables a proactive search for critical vulnerabilities in 5G-connected smart critical infrastructures and promotes early defense actions to mitigate the potential risks.