The Agent Web Model – Modelling web hacking for reinforcement learning

by   Laszlo Erdodi, et al.

Website hacking is a frequent attack type used by malicious actors to obtain confidential information, modify the integrity of web pages or make websites unavailable. The tools used by attackers are becoming more and more automated and sophisticated, and malicious machine learning agents seems to be the next development in this line. In order to provide ethical hackers with similar tools, and to understand the impact and the limitations of artificial agents, we present in this paper a model that formalizes web hacking tasks for reinforcement learning agents. Our model, named Agent Web Model, considers web hacking as a capture-the-flag style challenge, and it defines reinforcement learning problems at seven different levels of abstraction. We discuss the complexity of these problems in terms of actions and states an agent has to deal with, and we show that such a model allows to represent most of the relevant web vulnerabilities. Aware that the driver of advances in reinforcement learning is the availability of standardized challenges, we provide an implementation for the first three abstraction layers, in the hope that the community would consider these challenges in order to develop intelligent web hacking agents.



There are no comments yet.


page 1

page 2

page 3

page 4


Intelligent Software Web Agents: A Gap Analysis

Semantic web technologies have shown their effectiveness, especially whe...

Improving interactive reinforcement learning: What makes a good teacher?

Interactive reinforcement learning has become an important apprenticeshi...

Automating Privilege Escalation with Deep Reinforcement Learning

AI-based defensive solutions are necessary to defend networks and inform...

Hierarchical Reinforcement Learning with Hindsight

Reinforcement Learning (RL) algorithms can suffer from poor sample effic...

Deep Reinforcement Learning for Detecting Malicious Websites

Phishing is the simplest form of cybercrime with the objective of baitin...

Modeling Penetration Testing with Reinforcement Learning Using Capture-the-Flag Challenges and Tabular Q-Learning

Penetration testing is a security exercise aimed at assessing the securi...

End-to-End Goal-Driven Web Navigation

We propose a goal-driven web navigation as a benchmark task for evaluati...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.