Penetration testing is used by numerous organizations, including most in the defense sector, to validate their IT security; however, it has typically been a manually intensive process. Artificial intelligence presents a prospective solution to this challenge, with automated active sensing offering the potential to identify vulnerabilities that time-limited human penetration testers cannot. This paper goes beyond simple automation and presents and evaluates a system that brings together an explainable artificial intelligence technology, a network scanning and modeling technology and an attack automation technology to make penetration testing an optimization problem that can be solved by machine learning.
|