ANALYSIS OF PENETRATION TESTING APPROACHES USING REINFORCEMENT LEARNING
DOI: https://doi.org/10.28925/2663-4023.2025.28.789
Keywords: penetration testing, machine learning, reinforcement learning, automation, cybersecurity, vulnerabilities, threats, artificial intelligence
Abstract
Penetration testing (PT) is an important method for ensuring digital security: it assesses the presence of vulnerabilities in systems and networks through attack simulations. Because of the rapid development of technologies and the growth of digital threats, testing methods need to be improved, in particular through the implementation of machine learning (ML) and reinforcement learning (RL) algorithms. The article discusses modern approaches to automating penetration testing using machine learning and reinforcement learning, which can significantly increase the efficiency and accuracy of the process. Penetration testing includes several stages, such as collecting information about the target system, scanning, analyzing threats and vulnerabilities, exploitation, generating a report, etc. Traditional methods often require significant human resources and time. The implementation of artificial intelligence (AI) and ML makes it possible to automate these stages, which leads to a significant reduction in time and increased testing efficiency. In particular, the NLP-based approach demonstrates high potential for adapting to changes in the testing environment, allowing systems to independently improve their strategies over time, based on experience. The article reviews various approaches, including the use of deep learning and model-free NLP methods for penetration testing automation. The advantages and limitations of each approach are analyzed, including the importance of adaptability to environmental changes, high accuracy of vulnerability detection, and the difficulties that arise when integrating and configuring tools, especially for large and complex networks. Possible challenges associated with the use of significant computing power and the need to model specific conditions are also considered.
As a result of the study, the most relevant approaches to penetration testing automation using reinforcement learning methods have been identified, which have significant potential for increasing the efficiency and adaptability of testing processes. Future research prospects focus on expanding the capabilities of NFP models for application in complex and large networks, as well as on integration with other cybersecurity platforms to create more comprehensive and efficient automated testing systems.
License
Copyright (c) 2025 Андрій Притула, Леонід Куперштейн

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.