Skip to Main content Skip to Navigation
Conference papers

Penetration Testing == POMDP Solving?

Carlos Sarraute 1 Olivier Buffet 2 Joerg Hoffmann 2
2 MAIA - Autonomous intelligent machine
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Penetration Testing is a methodology for assessing network security, by generating and executing possible attacks. Doing so automatically allows for regular and systematic testing without a prohibitive amount of human labor. A key question then is how to generate the attacks. This is naturally formulated as a planning problem. Previous work used classical planning and hence ignores all the incomplete knowledge that characterizes hacking. More recent work makes strong independence assumptions for the sake of scaling, and lacks a clear formal concept of what the attack planning problem actually is. Herein, we model that problem in terms of partially observable Markov decision processes (POMDP). This grounds penetration testing in a well-researched formalism, highlighting important aspects of this problem's nature. POMDPs allow to model information gathering as an integral part of the problem, thus providing for the first time a means to intelligently mix scanning actions with actual exploits.
Document type :
Conference papers
Complete list of metadata

Cited literature [13 references]  Display  Hide  Download
Contributor : Joerg Hoffmann <>
Submitted on : Thursday, November 17, 2011 - 5:19:10 PM
Last modification on : Friday, February 26, 2021 - 3:28:04 PM
Long-term archiving on: : Friday, November 16, 2012 - 11:05:56 AM


Files produced by the author(s)


  • HAL Id : inria-00607403, version 1



Carlos Sarraute, Olivier Buffet, Joerg Hoffmann. Penetration Testing == POMDP Solving?. Workshop on Intelligent Security (Security and Artificial Intelligence) - SecArt-11, Jul 2011, Barcelona, Spain. ⟨inria-00607403⟩



Record views


Files downloads