Skip to main content
SpringerLink
Log in

Artificial Intelligence & Cybersecurity: A Preliminary Study of Automated Pentesting with Offensive Artificial Intelligence

  • Conference paper
  • First Online:
Information and Knowledge Systems. Digital Technologies, Artificial Intelligence and Decision Making (ICIKS 2021)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 425))

Included in the following conference series:

Abstract

In this paper, we seek to define an experimental framework for the application of a new industrialization method for penetration testing. This work- in-progress research is placed in a particular business context: that of a company with an extensive and decentralized information system. The objective of this research is to give companies the tools to develop a penetration test task force capable of testing any system in a fully automated way and to form proper communication channel and support for risk assessment reporting. It is based on the use of artificial intelligence to make the penetration test autonomous. This research considers the conduct of penetration tests both through their technical issues and through the managerial issues specific to a decentralized information system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aoki, M.: Orizontal vs. Vertical information structure of the firm. Am. Econ. Rev. 76(5), 971–983 (1986)

    Google Scholar 

  2. Bertoglio, D.D.: An overview of open issues on penetration test. J. Braz. Comput. Soc. 23(1), 1–16 (2017)

    Article  Google Scholar 

  3. Bialas, A.: A UML approach in the ISMS implementation. In: Dowland, P., Furnell, S., Thuraisingham, B., Wang, X.S. (eds.) Security Management, Integrity, and Internal Control in Information Systems, pp. 285–297. Springer, Heidelberg (2004). https://doi.org/10.1007/0-387-31167-X_18

    Chapter  Google Scholar 

  4. Sarraute, C.: Using AI techniques to improve Pentesting Automation. Hackito Ergo Sum (HES), Paris, France (2010)

    Google Scholar 

  5. Chowdhary, A., Huang, D., Mahendran, J. S., Romo, D., Deng, Y., Sabur, A.: Autonomous security analysis and penetration testing. In: 16th International Conference on Mobility, Sensing and Networking (MSN), pp. 508–515 (2020)

    Google Scholar 

  6. Rentrop, C., Zimmermann, S.: Shadow IT: management and control of unofficial IT. In: 6th International Conference on Digital Society (ICDS), pp. 98–102 (2012)

    Google Scholar 

  7. Dayan, P.: Reinforcement Learning. Wiley, Hoboken (2002)

    Google Scholar 

  8. ISO/IEC 27001: Information technology—security techniques—information security management systems—requirements. Technical Report ISO/IEC 27001, ISO/IEC, Geneva (2018)

    Google Scholar 

  9. Schwartz, J., Kurniawati, H.: Autonomous penetration testing using Reinforcement Learning. Cornell University Computer Science (2019)

    Google Scholar 

  10. Bravo Ferreira, J., Cello, M., Iglesias, J.O.: More sharing, more benefits? A study of library sharing in container-based infrastructures. In: Rivera, F.F., Pena, T.F., Cabaleiro, J.C. (eds.) Euro-Par 2017. LNCS, vol. 10417, pp. 358–371. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64203-1_26

    Chapter  Google Scholar 

  11. Lui, V.: Penetration testing: the white hat hacker. ISSA J. (2007)

    Google Scholar 

  12. McDermott, J.P.: Attack net penetration testing. In: Proceedings of the 2000 Workshop on New Security paradigms, pp. 15–21. ACM Digital Library (2001)

    Google Scholar 

  13. Williams, N., Zander, S., Armitage, G.: A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification. ACM SIGCOMM Comput. Commun. Rev. 36(5), 5–16 (2006)

    Article  Google Scholar 

  14. Valea, O., Oprişa, C.: Towards pentesting automation using the metasploit framework. In: IEEE International Conference on Intelligent Computer Communication and Processing (ICCP), pp. 171–178 (2020)

    Google Scholar 

  15. Al-Shiha, R., Alghowinem, S.: Security metrics for ethical hacking. In: Arai, K., Kapoor, S., Bhatia, R. (eds.) SAI 2018. AISC, vol. 857, pp. 1154–1165. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-01177-2_83

    Chapter  Google Scholar 

  16. Verbedeke, A.: International Business Strategy: Rethinking the Foundations of Global Corporate Success. Cambridge University Press, Cambridge (2013)

    Book  Google Scholar 

  17. Wang, J., Neil, M., Fenton, N.: A Bayesian network approach for cybersecurity risk assessment implementing and extending the FAIR model. Comput. Secur. 89, 101659 (2020)

    Article  Google Scholar 

  18. Raychaudhuri, S.: Introduction to Monte Carlo simulation. In: 2008 Winter Simulation Conference, Miami, FL, USA, pp. 91–100. IEEE (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Université Paris-Dauphine, PSL, Paris, France

    Marin François

  2. Université Paris-Dauphine, PSL, CNRS, DRM, Paris, France

    Pierre-Emmanuel Arduin

  3. Université Paris-Dauphine, PSL, CNRS, LAMSADE, Paris, France

    Myriam Merad

Authors
  1. Marin François
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pierre-Emmanuel Arduin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Myriam Merad
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Marin François , Pierre-Emmanuel Arduin or Myriam Merad .

Editor information

Editors and Affiliations

  1. Amiens Business School and University of Picardie Jules Verne, Amiens, France

    Inès Saad

  2. University of Paris-Dauphine PSL, Paris, France

    Camille Rosenthal-Sabroux

  3. University of Sfax, Sfax, Tunisia

    Faiez Gargouri

  4. University of Paris-Dauphine PSL, Paris, France

    Pierre-Emmanuel Arduin

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

François, M., Arduin, PE., Merad, M. (2021). Artificial Intelligence & Cybersecurity: A Preliminary Study of Automated Pentesting with Offensive Artificial Intelligence. In: Saad, I., Rosenthal-Sabroux, C., Gargouri, F., Arduin, PE. (eds) Information and Knowledge Systems. Digital Technologies, Artificial Intelligence and Decision Making. ICIKS 2021. Lecture Notes in Business Information Processing, vol 425. Springer, Cham. https://doi.org/10.1007/978-3-030-85977-0_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-85977-0_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85976-3

  • Online ISBN: 978-3-030-85977-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation