Pentesting tools like Metasploit, Burp, ExploitPack, BeEF, etc. are used by security practitioners to identify possible vulnerability points and to assess compliance with security policies. Pentesting tools come with a library of known exploits that have to be configured or customized for your particular environment. This configuration typically takes the form of a DSL or a set of fairly complex UIs to configure individual attacks.

Conventionally, the pentesting workflow consists of the following fixed steps (Sarraute):

- perform a network discovery to obtain a list of all the reachable hosts
- port scan all the known hosts
- perform OS detection
- launch matching exploits against the potentially vulnerable machines

There are two major shortcomings with this approach: (1) scanning doesn't yield perfect knowledge, and (2) scanning generates significant network traffic and can run for a very long time on a large network (Sarraute).

It is perhaps due to these shortcomings (and maybe 0day exploits) that "most testing tools, provide no guarantee of soundness. Indeed, in the last few years, several reports have shown that state-of-the-art web application scanners fail to detect a significant number of vulnerabilities in test applications" (Doupé).

Often when deterministic approaches prove to be brittle and inefficient, we look to probabilistic methods to do better.

Sarraute, Buffet and Hoffmann have explored the application of partially observable Markov decision processes (POMDPs) to this domain. They demonstrate that a POMDP formulation can increase the efficiency of the pentesting process by making probabilistic assumptions that (when true) let it find working exploits without following the conventional workflow.
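To make the POMDP framing concrete, here is a small added example (not code from Sarraute et al. or from this post) with a constructed two-state model: the hidden state is a host's OS family, a scan is a noisy OS-detection observation, and an exploit only pays off when it matches the hidden state. The one-step lookahead policy shows the point made above: once the belief is confident enough, the expected-value calculation skips the scan step of the conventional workflow. All probabilities and costs are made-up illustration values.

```python
from typing import Dict, Tuple

# Constructed toy POMDP (illustration values, not from Sarraute et al.).
# Hidden state: the OS family of a single target host.
STATES = ("linux", "windows")
# Observation model for an OS-detection scan, P(observation | true state).
# The off-diagonal mass encodes "scanning doesn't yield perfect knowledge".
SCAN_MODEL = {
    "linux":   {"looks_linux": 0.8, "looks_windows": 0.2},
    "windows": {"looks_linux": 0.3, "looks_windows": 0.7},
}
SCAN_COST = 3.0        # traffic/time cost of one scan
EXPLOIT_COST = 2.0     # cost of one exploit attempt
SUCCESS_REWARD = 20.0  # value of success (only a matching exploit succeeds)


def belief_update(belief: Dict[str, float], observation: str) -> Dict[str, float]:
    """Bayes rule: b'(s) = P(o|s) b(s) / sum_s' P(o|s') b(s')."""
    unnorm = {s: SCAN_MODEL[s][observation] * belief[s] for s in STATES}
    total = sum(unnorm.values())
    if total == 0.0:
        raise ValueError(f"observation {observation!r} impossible under belief")
    return {s: p / total for s, p in unnorm.items()}


def exploit_value(belief: Dict[str, float]) -> Tuple[float, str]:
    """Expected value of firing the exploit for the most likely OS right now."""
    target = max(STATES, key=lambda s: belief[s])
    return belief[target] * SUCCESS_REWARD - EXPLOIT_COST, target


def scan_then_exploit_value(belief: Dict[str, float]) -> float:
    """Expected value of scanning first, then exploiting the posterior's best OS."""
    value = -SCAN_COST
    for obs in ("looks_linux", "looks_windows"):
        p_obs = sum(SCAN_MODEL[s][obs] * belief[s] for s in STATES)
        value += p_obs * exploit_value(belief_update(belief, obs))[0]
    return value


def choose_action(belief: Dict[str, float]) -> Tuple[str, str]:
    """One-step lookahead policy: scan only when the information is worth its cost."""
    v_now, target = exploit_value(belief)
    if v_now >= scan_then_exploit_value(belief):
        return ("exploit", target)  # belief confident enough: skip the scan
    return ("scan", "")


if __name__ == "__main__":
    for b in ({"linux": 0.5, "windows": 0.5}, {"linux": 0.9, "windows": 0.1}):
        print(b, "->", choose_action(b))
```

With a uniform prior the scan is worth its cost (expected value 10 vs 8), while with a 0.9 belief in Linux the policy exploits directly (16 vs 13), which is the workflow shortcut the paragraph describes.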

Our own research is taking it further and applying reinforcement learning and deepnets to this domain.

We are also working on novel ways to collect the massive datasets necessary to train these algorithms. Here we should acknowledge the tireless dedication of hackers, particularly in Russia and China.

The application of probabilistic methods is long overdue in the field of information security. Although research in this area has been extremely limited, initial experiments appear promising.

Doupé, Adam, Marco Cova, and Giovanni Vigna. Why Johnny can’t pentest: An analysis of black-box web vulnerabilit.... International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Berlin Heidelberg, 2010.

Sarraute, Carlos, Olivier Buffet, and Jörg Hoffmann. Penetration Testing == POMDP Solving? arXiv preprint arXiv:1306.4714 (2013).
