Comments (5)
@MasanoriYamada
thanks for your advises.
now, i think want to improve the accuracy of exploitation.
-
current version of DeepExploit is only using the normalization.
but, i think that accuracy is not as good as i thought. so, i'll try to one-hot encoding instead of the normalization. -
i think want to improve definition of after performing action.
if DeepExploit succeeds exploitation, status of metasploit's console is changed (one example: msf -> meterpreter). so, i think want to use console's status to definition of after performing action.
i'd be pleased if you could give me other advice.
from machine_learning_security.
@13o-bbr-bbq
Thanks for quick reply.
- current version of DeepExploit is only using the normalization.
but, i think that accuracy is not as good as i thought. so, i'll try to one-hot encoding instead of the normalization.
OK.
Since the pace of ports and versions are higher dimensions, you may have to use domain knowledge.
i.e. some ports are handled specially.
2.i think want to improve definition of after performing action.
if DeepExploit succeeds exploitation, status of metasploit's console is changed (one example: msf -> meterpreter). so, i think want to use console's status to definition of after performing action.
OK! I understand.
I am not an expert on penetration testing, so please teach me.
How many post-exploitation do you do in your experience?
(Because the action space is large, I am concerned about the depth of exploration)
from machine_learning_security.
i have a question. is domain knowledge a technique used in transfer learning?
No, my mean that domain knowledge is network and security knowledge.
start --[exploitation (using RL)]--> first server --[exploitation (using RL)]--> second server --[exploitation (using RL)]--> third server --> ...
OK! I understand.
If you are penetrating under the assumption that an attack should not be detected.
Post exploit is nice, but it may be good to give a negative reward if an attack is detected.
Because in this situation the delayed reward for reinforcement learning is more efficient.
from machine_learning_security.
No, my mean that domain knowledge is network and security knowledge.
oh, i misunderstood.
i'll improve state of ports and versions using my security knowledge.
but it may be good to give a negative reward if an attack is detected.
you're completely right. in penetration test, it is bad that an attack is detected.
so, i'll consider method of negative reward that attack is detected (anti virus etc).
thanks for your advice!
from machine_learning_security.
@MasanoriYamada
thanks for reply!
Since the pace of ports and versions are higher dimensions, you may have to use domain knowledge.
great thanks for your advice.
i have a question. is domain knowledge a technique used in transfer learning?
How many post-exploitation do you do in your experience?
(Because the action space is large, I am concerned about the depth of exploration)
actually there are various patterns post-exploitation (penetrate internal servers via compromised server, extract credential information on compromised server, etc.). but, the purpose of the current DeepExploit is to penetrate the internal server.
therefore, if DeepExploit succeed exploitation of first server, it tries to penetrate the internal server via the first server. and, if DeepExploit succeed exploitation of the internal server (=second server) via first server, it tries to penetrate other internal servers via second server as well. repeat this for the number of servers.
my assumption is as follows.
start --[exploitation (using RL)]--> first server --[exploitation (using RL)]--> second server --[exploitation (using RL)]--> third server --> ...
but, it is not realistic to repeat penetration infinitely, so in practice i define the maximum number of target servers.
from machine_learning_security.
Related Issues (20)
- DeepExploit issues HOT 1
- pip3 install tensorflow error & auto killed HOT 1
- Could not find a version that satisfies the requirement tensorflow>=1.8.0 HOT 1
- python3 DeepExploit.py -h & SyntaxError: invalid syntax
- Problem with string matching HOT 1
- range of targets and modules
- Retry "auth.login" call. reason: [Errno 60] Operation timed out HOT 1
- Illegal instruction HOT 1
- int is not allowed for map key? HOT 3
- DeepExploit issue HOT 2
- Lots Of Bug HOT 3
- Msf5 exploitation
- Starting a Business
- how to s solve this question? HOT 4
- No ports found in host that has opened ports HOT 1
- Retry "auth.login" call. reason: [Errno 111] Connection refused HOT 3
- Installation Environment
- 'utf-8' codec can't decode byte 0xb5 in position 182: invalid start byte
- Retry "auth.login" call. reason: [Errno 110] Connection timed out HOT 1
- can only concatenate str (not "bytes") to str Failed: console.read type:<class 'TypeError'>
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from machine_learning_security.