Automated Windows domain penetration method based on reinforcement learning
Windows domain provides a unified system service for resource sharing and information interaction among users.However, this also introduces significant security risks while facilitating intranet management.In recent years, intranet attacks targeting domain controllers have become increasingly preval...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2023-08-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023057 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529664835682304 |
|---|---|
| author | Lige ZHAN Letian SHA Fu XIAO Jiankuo DONG Pinchang ZHANG |
| author_facet | Lige ZHAN Letian SHA Fu XIAO Jiankuo DONG Pinchang ZHANG |
| author_sort | Lige ZHAN |
| collection | DOAJ |
| description | Windows domain provides a unified system service for resource sharing and information interaction among users.However, this also introduces significant security risks while facilitating intranet management.In recent years, intranet attacks targeting domain controllers have become increasingly prevalent, necessitating automated penetration testing to detect vulnerabilities and ensure the ongoing maintenance of office network operations.Then efficient identification of attack paths within the domain environment is crucial.The penetration process was first modeled using reinforcement learning, and attack paths were then discovered and verified through the interaction of the model with the domain environment.Furthermore, unnecessary states in the reinforcement learning model were trimmed based on the contribution differences of hosts to the penetration process, aiming to optimize the path selection strategy and improve the actual attack efficiency.The Q-learning algorithms with solution space refinement and exploration policy optimization were utilized to filter the optimal attack path.By employing this method, all security threats in the domain can be automatically verified, providing a valuable protection basis for domain administrators.Experiments were conducted on typical Windows domain scenarios, and the results show that the optimal path is selected from the thirteen efficient paths generated by the proposed method, while also providing better performance optimization in terms of domain controller intrusion, domain host intrusion, attack steps, convergence, and time cost compared to other approaches. |
| format | Article |
| id | doaj-art-f5686430e5c741a4bfcd5f7e6dd18840 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2023-08-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-f5686430e5c741a4bfcd5f7e6dd188402025-01-15T03:16:46ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2023-08-01910412059579576Automated Windows domain penetration method based on reinforcement learningLige ZHANLetian SHAFu XIAOJiankuo DONGPinchang ZHANGWindows domain provides a unified system service for resource sharing and information interaction among users.However, this also introduces significant security risks while facilitating intranet management.In recent years, intranet attacks targeting domain controllers have become increasingly prevalent, necessitating automated penetration testing to detect vulnerabilities and ensure the ongoing maintenance of office network operations.Then efficient identification of attack paths within the domain environment is crucial.The penetration process was first modeled using reinforcement learning, and attack paths were then discovered and verified through the interaction of the model with the domain environment.Furthermore, unnecessary states in the reinforcement learning model were trimmed based on the contribution differences of hosts to the penetration process, aiming to optimize the path selection strategy and improve the actual attack efficiency.The Q-learning algorithms with solution space refinement and exploration policy optimization were utilized to filter the optimal attack path.By employing this method, all security threats in the domain can be automatically verified, providing a valuable protection basis for domain administrators.Experiments were conducted on typical Windows domain scenarios, and the results show that the optimal path is selected from the thirteen efficient paths generated by the proposed method, while also providing better performance optimization in terms of domain controller intrusion, domain host intrusion, attack steps, convergence, and time cost compared to other approaches.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023057Windows domainpenetration testingreinforcement learningattack path |
| spellingShingle | Lige ZHAN Letian SHA Fu XIAO Jiankuo DONG Pinchang ZHANG Automated Windows domain penetration method based on reinforcement learning 网络与信息安全学报 Windows domain penetration testing reinforcement learning attack path |
| title | Automated Windows domain penetration method based on reinforcement learning |
| title_full | Automated Windows domain penetration method based on reinforcement learning |
| title_fullStr | Automated Windows domain penetration method based on reinforcement learning |
| title_full_unstemmed | Automated Windows domain penetration method based on reinforcement learning |
| title_short | Automated Windows domain penetration method based on reinforcement learning |
| title_sort | automated windows domain penetration method based on reinforcement learning |
| topic | Windows domain penetration testing reinforcement learning attack path |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023057 |
| work_keys_str_mv | AT ligezhan automatedwindowsdomainpenetrationmethodbasedonreinforcementlearning AT letiansha automatedwindowsdomainpenetrationmethodbasedonreinforcementlearning AT fuxiao automatedwindowsdomainpenetrationmethodbasedonreinforcementlearning AT jiankuodong automatedwindowsdomainpenetrationmethodbasedonreinforcementlearning AT pinchangzhang automatedwindowsdomainpenetrationmethodbasedonreinforcementlearning |