Dorin Shmaryahu, Tom Gonda, Joerg Hoffman, Guy Shani
28th International Workshop on Principles of Diagnosis (DX) (2017)
Penetration Testing (pentesting), where network administratorsautomatically attack their own network to identifyand fix vulnerabilities, has recently received attentionfrom the AI community. Smart algorithms that canidentify robust and efficient attack plans may imitatehuman hackers better than simple protocols. Classicalplanning methods for pentesting model poorly the realworld, where the attacker has only partial informationconcerning the network. On the other hand POMDPbasedapproaches provide a strong model, but fail toscale up to reasonable model sizes. In this paper we offera middle ground, allowing for partial observabilityand non-deterministic action effects, by modeling pentestingas a partially observable contingent problem. Weexperiment with a real network of a large organization,showing our solver to scale to realistic problem sizes.We also experiment with sub-sampled networks, comparingthe expected reward of a contingent plan graphto that of a POMDP policy.