The Agent Web Model – Modelling web hacking for reinforcement learning

09/23/2020
by   Laszlo Erdodi, et al.
0

Website hacking is a frequent attack type used by malicious actors to obtain confidential information, modify the integrity of web pages or make websites unavailable. The tools used by attackers are becoming more and more automated and sophisticated, and malicious machine learning agents seems to be the next development in this line. In order to provide ethical hackers with similar tools, and to understand the impact and the limitations of artificial agents, we present in this paper a model that formalizes web hacking tasks for reinforcement learning agents. Our model, named Agent Web Model, considers web hacking as a capture-the-flag style challenge, and it defines reinforcement learning problems at seven different levels of abstraction. We discuss the complexity of these problems in terms of actions and states an agent has to deal with, and we show that such a model allows to represent most of the relevant web vulnerabilities. Aware that the driver of advances in reinforcement learning is the availability of standardized challenges, we provide an implementation for the first three abstraction layers, in the hope that the community would consider these challenges in order to develop intelligent web hacking agents.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

02/12/2021

Intelligent Software Web Agents: A Gap Analysis

Semantic web technologies have shown their effectiveness, especially whe...
04/15/2019

Improving interactive reinforcement learning: What makes a good teacher?

Interactive reinforcement learning has become an important apprenticeshi...
10/04/2021

Automating Privilege Escalation with Deep Reinforcement Learning

AI-based defensive solutions are necessary to defend networks and inform...
05/21/2018

Hierarchical Reinforcement Learning with Hindsight

Reinforcement Learning (RL) algorithms can suffer from poor sample effic...
05/22/2019

Deep Reinforcement Learning for Detecting Malicious Websites

Phishing is the simplest form of cybercrime with the objective of baitin...
05/26/2020

Modeling Penetration Testing with Reinforcement Learning Using Capture-the-Flag Challenges and Tabular Q-Learning

Penetration testing is a security exercise aimed at assessing the securi...
02/06/2016

End-to-End Goal-Driven Web Navigation

We propose a goal-driven web navigation as a benchmark task for evaluati...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.