MEGA-PT: A Meta-Game Framework for Agile Penetration Testing

Yunfei Ge,Quanyan Zhu
2024-09-22
Abstract: Penetration testing is an essential means of proactive defense in the face of escalating cybersecurity incidents. Traditional manual penetration testing methods are time-consuming, resource-intensive, and prone to human errors. Current trends in automated penetration testing are also impractical, facing significant challenges such as the curse of dimensionality, scalability issues, and lack of adaptability to network changes. To address these issues, we propose MEGA-PT, a meta-game penetration testing framework, featuring micro tactic games for node-level local interactions and a macro strategy process for network-wide attack chains. The micro- and macro-level modeling enables distributed, adaptive, collaborative, and fast penetration testing. MEGA-PT offers agile solutions for various security schemes, including optimal local penetration plans, purple teaming solutions, and risk assessment, providing fundamental principles to guide future automated penetration testing. Our experiments demonstrate the effectiveness and agility of our model by providing improved defense strategies and adaptability to changes at both local and network levels.
Cryptography and Security, Artificial Intelligence, Computer Science and Game Theory
### What problems does this paper attempt to solve?

This paper aims to solve several key problems in current penetration testing methods:

1. **Limitations of traditional manual penetration testing**:
   - Manual penetration testing is time-consuming, resource-intensive, and prone to human error.
   - Relying solely on manual testing often fails to identify all vulnerabilities in the system.
2. **Challenges of existing automated penetration testing methods**:
   - **Curse of dimensionality**: Methods based on Reinforcement Learning (RL) or Markov Decision Processes (MDPs) include all known information about each machine in the network when defining the state space, so computational complexity grows sharply with network size.
   - **Scalability issues**: Partially Observable Markov Decision Process (POMDP) methods have difficulty handling large-scale networks.
   - **Lack of adaptability**: These methods assume that the network structure and software configuration remain unchanged, so they cannot adapt to network changes.
   - **Disconnection from actual operations**: Many models do not follow the Tactics, Techniques, and Procedures (TTPs) used in real-world cybersecurity practice, relying instead on assumptions and simulations, which limits their practical applicability.

To address these problems, the authors propose a meta-game framework named MEGA-PT. It models node-level local interactions and network-wide attack chains by introducing Micro Tactic Games and a Macro Strategy Process, thereby achieving distributed, adaptive, collaborative, and rapid penetration testing. Specifically:

- **Micro Tactic Games**: capture the interactions between defenders and attackers on each local node.
- **Macro Strategy Process**: models lateral movement and attack chains across the entire network.

In addition, MEGA-PT provides multiple security solutions, including optimal local penetration plans, purple teaming solutions, and risk assessment, offering basic principles for future automated penetration testing.

### Key contributions

1. **A meta security game framework, MEGA-PT**, in which Micro Tactic Games are modeled as extensive-form games and the Macro Strategy Process is modeled as a Markov Decision Process.
2. **Solution concepts for different security goals**, including vulnerability discovery, defense recommendations, and risk analysis.
3. **Experimental validation of the effectiveness and adaptability of MEGA-PT**, demonstrating its ability to provide improved defense strategies at both the network and local levels.
4. **A foundation for future automated penetration testing**, promoting practical development in this field.

Through these contributions, MEGA-PT not only addresses the limitations of existing penetration testing methods but also offers new ideas for improving the overall efficiency and scalability of network security.
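As an added illustration (not code from the paper or its authors), the following toy shows the two-level decomposition the summary describes: each node's micro tactic game is a small extensive-form tree solved by backward induction, and the resulting per-node values feed a macro MDP over the network, solved by value iteration, to give an attack-chain risk estimate and the defender's best local responses. The game trees, the four-node network and all payoffs are constructed sample values, and treating a micro game's value as the probability of gaining a foothold is an assumption of this example, not the paper's formulation.

```python
# Added illustration of a micro/macro decomposition (not the paper's code).
# Micro: one extensive-form game per node, solved by backward induction.
# Macro: MDP over the network whose move-success probabilities are the micro
# values, solved by value iteration. Topology and payoffs are constructed
# sample data; "micro value = foothold probability" is an assumption here.

def solve_micro(node):
    """Backward induction. Leaf: {"payoff": p} = attacker foothold probability.
    Internal: {"player": "A"|"D", "moves": {action: subtree}}; the attacker
    maximises, the defender minimises. Returns (value, best action or None)."""
    if "payoff" in node:
        return node["payoff"], None
    vals = {a: solve_micro(sub)[0] for a, sub in node["moves"].items()}
    best = (max if node["player"] == "A" else min)(vals, key=vals.get)
    return vals[best], best

def solve_macro(network, node_value, target, sweeps=100):
    """Value iteration. State = node currently held; action = attempt a
    neighbour, succeeding with that neighbour's micro value. Failure means
    detection (absorbing, worth 0); holding the target is worth 1."""
    V = {n: 0.0 for n in network}
    V[target] = 1.0
    for _ in range(sweeps):
        for s, nbrs in network.items():
            if s != target and nbrs:
                V[s] = max(node_value[n] * V[n] for n in nbrs)
    return V

# Constructed sample data: three hosts plus the attacker's entry point.
MICRO_GAMES = {
    "web": {"player": "A", "moves": {
        "exploit_service": {"player": "D", "moves": {
            "patch": {"payoff": 0.1}, "ignore": {"payoff": 0.9}}},
        "phishing": {"player": "D", "moves": {
            "awareness_training": {"payoff": 0.3}, "nothing": {"payoff": 0.7}}}}},
    "app": {"player": "A", "moves": {"reuse_creds": {"payoff": 0.6}}},
    "db": {"player": "A", "moves": {
        "brute_force": {"player": "D", "moves": {
            "lockout": {"payoff": 0.2}, "none": {"payoff": 0.8}}},
        "reuse_creds": {"payoff": 0.5}}},
}
NETWORK = {"internet": ["web"], "web": ["db", "app"], "app": ["db"], "db": []}

def chain_risk(entry="internet", target="db"):
    """Risk assessment: attacker's best achievable probability of reaching
    target from entry, given the defender's best response at every node."""
    node_value = {n: solve_micro(g)[0] for n, g in MICRO_GAMES.items()}
    return solve_macro(NETWORK, node_value, target)[entry], node_value
```

Calling `solve_micro` on a defender subtree (for example the `exploit_service` branch of `web`) returns the response the defender should pick there, which is the purple-teaming reading of the same computation.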