Automating Privilege Escalation with Deep Reinforcement Learning

  • 2021-10-04 12:20:46
  • Kalle Kujanpää, Willie Victor, Alexander Ilin
  • 11

Abstract

AI-based defensive solutions are necessary to defend networks and informationassets against intelligent automated attacks. Gathering enough realistic datafor training machine learning-based defenses is a significant practicalchallenge. An intelligent red teaming agent capable of performing realisticattacks can alleviate this problem. However, there is little scientificevidence demonstrating the feasibility of fully automated attacks using machinelearning. In this work, we exemplify the potential threat of malicious actorsusing deep reinforcement learning to train automated agents. We present anagent that uses a state-of-the-art reinforcement learning algorithm to performlocal privilege escalation. Our results show that the autonomous agent canescalate privileges in a Windows 7 environment using a wide variety ofdifferent techniques depending on the environment configuration it encounters.Hence, our agent is usable for generating realistic attack sensor data fortraining and evaluating intrusion detection systems.

 

Quick Read (beta)

loading the full paper ...