Ankur Chowdhary to Present at DEF CON 28 Red Team Village
- Date: Past Event
- Location: Virtual Conference
- Speaker: Ankur Chowdhary, Security Consultant
We are proud to announce that Bishop Fox security consultant Ankur Chowdhary will be presenting Autonomous Security Analysis and Penetration Testing (ASAP) at the DEF CON 28 Safe Mode Red Team Village.
Autonomous Security Analysis and Penetration Testing (ASAP)
Abstract
Penetration testing (pentesting) involves skilled cybersecurity professionals generating a plan of attack for finding and exploiting vulnerabilities in networks and applications. The current procedure used in pentesting is semi-automated at best and requires significant human effort. Moreover, the plan of attack followed by pentesters may not yield the best outcomes in terms of exploiting vulnerabilities in the provided time.
Autonomous Security Analysis and Penetration Testing (ASAP) utilizes software vulnerabilities and network topology information to provide an artificial intelligence-based automated attack plan. Our framework, ASAP, utilizes the reachability information between different network hosts and software vulnerabilities to generate a state transition graph known as an attack graph. Each state in the attack graph represents the current privilege of the attacker. The attack graph also encodes information about the possible next state transitions in the network. In effect, the attack graph maps all possible exploits and privilege escalations in a network. This information is provided to an artificial intelligence (AI) module. The AI module utilizes a popular framework known as the Partially Observable Markov Decision Process (POMDP) to encode uncertainty over different state transitions and the reward obtained by attackers on achieving different privilege levels. The output generated by the AI module, the attack policy, provides the best course of action for a penetration tester/red team member in the current network setup.
The attack policy generated by the ASAP framework can be deployed on target enterprise networks using automated exploitation tools such as Metasploit. Based on our experimental evaluation in a cloud network setup, the attack policy generated by our framework does significantly better than human penetration testers in terms of finding and exploiting vulnerabilities in a network.
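The attack-graph step described in the abstract, sketched as an added example that is not the ASAP implementation or the speaker's code: it builds the privilege-state graph from reachability and vulnerability data and then asks the defender's question of which single patch removes every path to a critical state. The hosts, vulnerability IDs and the `(host, privilege)` state encoding are constructed assumptions, and the POMDP stage is not modeled.

```python
from collections import deque

# Constructed sample network: hypothetical hosts and placeholder vulnerability IDs.
REACHABLE = {  # host -> hosts it can open connections to
    "internet": {"web", "vpn"},
    "web": {"app"},
    "vpn": {"app", "admin"},
    "app": {"db"},
    "admin": set(),
    "db": set(),
}
# (host, vuln id, privilege needed on that host or None if remote, privilege gained)
VULNS = [
    ("web", "VULN-WEB-1", None, "user"),
    ("web", "VULN-WEB-2", "user", "root"),   # local privilege escalation
    ("vpn", "VULN-VPN-1", None, "root"),
    ("app", "VULN-APP-1", None, "user"),
    ("admin", "VULN-ADM-1", None, "user"),
    ("db", "VULN-DB-1", None, "root"),
]
START = ("internet", "attacker")   # assumed initial attacker state
TARGET = ("db", "root")            # assumed critical state to protect

def build_attack_graph(reachable, vulns, start, patched=frozenset()):
    """Return {state: [(vuln_id, next_state), ...]} for states reachable from start."""
    graph, queue = {start: []}, deque([start])
    while queue:
        host, priv = state = queue.popleft()
        for vhost, vid, needs, gains in vulns:
            if vid in patched:
                continue
            remote = needs is None and vhost in reachable.get(host, ())
            local = vhost == host and needs == priv
            if remote or local:
                nxt = (vhost, gains)
                graph[state].append((vid, nxt))
                if nxt not in graph:       # first time this privilege state is seen
                    graph[nxt] = []
                    queue.append(nxt)
    return graph

def single_patch_cuts(reachable, vulns, start, target):
    """Vulnerability IDs whose patching alone makes target unreachable."""
    return sorted(vid for _, vid, _, _ in vulns
                  if target not in build_attack_graph(reachable, vulns, start,
                                                      frozenset({vid})))

if __name__ == "__main__":
    print(len(build_attack_graph(REACHABLE, VULNS, START)), "states")
    print("single patches that protect", TARGET, ":",
          single_patch_cuts(REACHABLE, VULNS, START, TARGET))
```

On this sample, patching the internet-facing web flaw alone does not protect the database because the VPN path remains; only the application or database fix cuts every route.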