offers a paradigm shift: an agent learns optimal sequential decisions through trial-and-error interactions with an environment. Deep RL extends this to high-dimensional state spaces (e.g., network packet data, system configurations). This paper introduces AutoPenTest-DRL , an end-to-end framework that trains a DRL agent to autonomously discover and exploit vulnerabilities, move laterally across a network, and achieve defined objectives (e.g., domain controller compromise).
AutoPentest-DRL is an open-source automated penetration testing framework developed by the Cyber Range Organization and Design (CROND) NEC-endowed chair at the Japan Advanced Institute of Science and Technology (JAIST). Its primary goal is to harness the capabilities of Deep Reinforcement Learning (DRL) to determine the most appropriate and effective attack path for a given logical network, and then use that knowledge to execute a simulated or real penetration testing attack. Designed primarily for educational and research purposes, AutoPentest-DRL provides a powerful platform for studying attack mechanisms and training cybersecurity professionals.
If you're looking to get it running immediately, follow these steps: autopentest-drl
Legal, Policy, and Compliance Issues in Using AI for Security
: Connects to physical networks to identify and test live vulnerabilities using automated penetration testing tools . Educational & Research Utility offers a paradigm shift: an agent learns optimal
Test it on a sample topology with a single command: python3 ./AutoPentest-DRL.py logical_attack Use code with caution. Copied to clipboard
A representation of the current knowledge of the target network. Each state includes: If you're looking to get it running immediately,
It doesn't just follow a checklist; it learns how to navigate unfamiliar network topologies.