Simulated penetration testing as contingent planning

Dorin Shmaryahu, Guy Shani, Joerg Hoffmann, Marcel Steinmetz

Research output: Contribution to journalConference articlepeer-review


In penetration testing (pentesting), network administrators attack their own network to identify and fix vulnerabilities. Planning-based simulated pentesting can achieve much higher testing coverage than manual pentesting. A key challenge is for the attack planning to imitate human hackers as faithfully as possible. POMDP models have been proposed to this end, yet they are computationally very hard, and it is unclear how to acquire the models in practice. At the other extreme, classical planning models are scalable and simple to obtain, yet completely ignore the incomplete knowledge characteristic of hacking. We propose contingent planning as a new middle ground, feasible in both computation burden and model acquisition effort while allowing for a representation of incomplete knowledge. We design the model, show how to adapt available solvers, and show how to acquire the model from real network scans in practice. We experiment on real networks and show that our approach scales to practical input sizes.

Original languageAmerican English
Pages (from-to)241-249
Number of pages9
JournalProceedings International Conference on Automated Planning and Scheduling, ICAPS
StatePublished - 1 Jan 2018
Event28th International Conference on Automated Planning and Scheduling, ICAPS 2018 - Delft, Netherlands
Duration: 24 Jun 201829 Jun 2018

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Science Applications
  • Information Systems and Management


Dive into the research topics of 'Simulated penetration testing as contingent planning'. Together they form a unique fingerprint.

Cite this