12,609 research outputs found

    Reinforcement learning for efficient network penetration testing

    Get PDF
    Penetration testing (also known as pentesting or PT) is a common practice for actively assessing the defenses of a computer network by planning and executing all possible attacks to discover and exploit existing vulnerabilities. Current penetration testing methods are increasingly becoming non-standard, composite and resource-consuming despite the use of evolving tools. In this paper, we propose and evaluate an AI-based pentesting system which makes use of machine learning techniques, namely reinforcement learning (RL) to learn and reproduce average and complex pentesting activities. The proposed system is named Intelligent Automated Penetration Testing System (IAPTS) consisting of a module that integrates with industrial PT frameworks to enable them to capture information, learn from experience, and reproduce tests in future similar testing cases. IAPTS aims to save human resources while producing much-enhanced results in terms of time consumption, reliability and frequency of testing. IAPTS takes the approach of modeling PT environments and tasks as a partially observed Markov decision process (POMDP) problem which is solved by POMDP-solver. Although the scope of this paper is limited to network infrastructures PT planning and not the entire practice, the obtained results support the hypothesis that RL can enhance PT beyond the capabilities of any human PT expert in terms of time consumed, covered attacking vectors, accuracy and reliability of the outputs. In addition, this work tackles the complex problem of expertise capturing and re-use by allowing the IAPTS learning module to store and re-use PT policies in the same way that a human PT expert would learn but in a more efficient way

    Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

    Full text link
    Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available

    Impact of Mobile and Wireless Technology on Healthcare Delivery services

    Get PDF
    Modern healthcare delivery services embrace the use of leading edge technologies and new scientific discoveries to enable better cures for diseases and better means to enable early detection of most life-threatening diseases. The healthcare industry is finding itself in a state of turbulence and flux. The major innovations lie with the use of information technologies and particularly, the adoption of mobile and wireless applications in healthcare delivery [1]. Wireless devices are becoming increasingly popular across the healthcare field, enabling caregivers to review patient records and test results, enter diagnosis information during patient visits and consult drug formularies, all without the need for a wired network connection [2]. A pioneering medical-grade, wireless infrastructure supports complete mobility throughout the full continuum of healthcare delivery. It facilitates the accurate collection and the immediate dissemination of patient information to physicians and other healthcare care professionals at the time of clinical decision-making, thereby ensuring timely, safe, and effective patient care. This paper investigates the wireless technologies that can be used for medical applications, and the effectiveness of such wireless solutions in a healthcare environment. It discusses challenges encountered; and concludes by providing recommendations on policies and standards for the use of such technologies within hospitals

    No. 06: The Urban Food System of Nairobi, Kenya

    Get PDF
    Nairobi is a city of stark contrasts. Nearly half a million of its three million residents live in abject poverty in some of Africa’s largest slums, yet the Kenyan capital is also an international and regional hub. In East Africa, rapid urbanization is stretching existing food and agriculture systems as growing cities struggle to provide food and nutrition security for their inhabitants. Nairobi is no exception; it is a dynamically growing city and its food supply chains are constantly adapting and responding to changing local conditions. It is also an international city and the extent to which it is food secure is increasingly predicated on food imports from the regional East African Community and other international sources. Informal traditional value chains have a variety of actors and intermediaries that increase transaction costs and create an inefficient post-harvest procurement network, thereby pushing food products out of the reach of those who need them most. The majority of Nairobi’s food purchases are from informal food vendors. The city’s urban poor rely on the informal food sector for several reasons including that it provides food close to where they live and work, credit and barter are often available, small quantities can be purchased, and many items are sold more cheaply than at formal outlets. The leading income-generating activity for women in Nairobi’s poor communities is selling fruit and vegetables
    • …
    corecore