Abstract
In this paper, we seek to define an experimental framework for the application of a new industrialization method for penetration testing. This work-in-progress research is placed in a particular business context: that of a company with an extensive and decentralized information system. The objective of this research is to give companies the tools to develop a penetration test task force capable of testing any system in a fully automated way, and to establish proper communication channels and support for risk assessment reporting. It is based on the use of artificial intelligence to make the penetration test autonomous. This research considers the conduct of penetration tests both through their technical issues and through the managerial issues specific to a decentralized information system.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
François, M., Arduin, PE., Merad, M. (2021). Artificial Intelligence & Cybersecurity: A Preliminary Study of Automated Pentesting with Offensive Artificial Intelligence. In: Saad, I., Rosenthal-Sabroux, C., Gargouri, F., Arduin, PE. (eds) Information and Knowledge Systems. Digital Technologies, Artificial Intelligence and Decision Making. ICIKS 2021. Lecture Notes in Business Information Processing, vol 425. Springer, Cham. https://doi.org/10.1007/978-3-030-85977-0_10
DOI: https://doi.org/10.1007/978-3-030-85977-0_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-85976-3
Online ISBN: 978-3-030-85977-0
eBook Packages: Computer Science, Computer Science (R0)