AI-based defensive solutions are necessary to defend networks and information assets against intelligent automated attacks. Gathering enough realistic data for training machine learning-based defenses is a significant practical challenge. An intelligent red teaming agent capable of performing realistic attacks can alleviate this problem. However, there is little scientific evidence demonstrating the feasibility of fully automated attacks using machine learning. In this work, we exemplify the potential threat of malicious actors using deep reinforcement learning to train automated agents. We present an agent that uses a state-of-the-art reinforcement learning algorithm to perform local privilege escalation. Our results show that the autonomous agent can escalate privileges in a Windows 7 environment using a wide variety of different techniques depending on the environment configuration it encounters. Hence, our agent is usable for generating realistic attack sensor data for training and evaluating intrusion detection systems.
翻译:以AI为基础的防御性解决方案对于保护网络和信息资产免遭智能自动攻击是必要的。 收集足够现实的数据用于培训机器学习防御是一个重大的实际挑战。 一个能够进行现实攻击的智能红色团队代理可以缓解这一问题。 但是,几乎没有科学证据表明使用机器学习完全自动攻击的可行性。 在这项工作中,我们用深强化学习来训练自动代理物来证明恶意行为者的潜在威胁。 我们提供了一个代理物,它使用最先进的强化学习算法来进行本地特权升级。 我们的结果表明,自主代理物可以在视窗7环境中使用各种不同的技术来提升特权,这取决于它所遇到的环境配置。 因此,我们的代理物可用于生成现实的攻击感应数据,用于培训和评估入侵探测系统。