Cyber attacks pose existential threats to nations and enterprises. Current practice favors piece-wise analysis using threat-models in the stead of rigorous cyber terrain analysis and intelligence preparation of the battlefield. Automated penetration testing using reinforcement learning offers a new and promising approach for developing methodologies that are driven by network structure and cyber terrain, that can be later interpreted in terms of threat-models, but that are principally network-driven analyses. This paper presents a novel method for crown jewel analysis termed CJA-RL that uses reinforcement learning to identify key terrain and avenues of approach for exploiting crown jewels. In our experiment, CJA-RL identified ideal entry points, choke points, and pivots for exploiting a network with multiple crown jewels, exemplifying how CJA-RL and reinforcement learning for penetration testing generally can benefit computer network operations workflows.
Cite
@article{arxiv.2108.09358,
title = {Crown Jewels Analysis using Reinforcement Learning with Attack Graphs},
author = {Rohit Gangupantulu and Tyler Cody and Abdul Rahman and Christopher Redino and Ryan Clark and Paul Park},
journal= {arXiv preprint arXiv:2108.09358},
year = {2021}
}