Autonomous Penetration Testing Technology

J.Straub
North Dakota State University, North Dakota, United States

Poster stand number: T118

Keywords: automated penetration testing, cybersecurity, mission critical systems

This poster presents an autonomous testing technology which has been developed for use for cybersecurity assessment. The system is based on the Blackboard Architecture artificial intelligence technique and makes decisions autonomously as to what tests to run, based on the use of a collection of configured attack tests. It can be used to validate the security of a target system (either a single computer system / device or network). The attack set, used with the technology, is configurable and extensible. Attacks can be setup manually for initial testing and then automated for expansion of testing to additional systems or network areas. Additionally, re-testing to validate that changes have not re-opened prior vulnerabilities can be automated. The Blackboard Architecture, which provides the foundation for the technology, is an inherently explainable (easily human understandable) technique. This means that the system's decision making process can be validated to ensure test completeness and effectiveness. It can also be analyzed to understand the precise nature of the vulnerabilities that it discovers (based on looking at how testing decisions were made).