12,609 research outputs found
Reinforcement learning for efficient network penetration testing
Penetration testing (also known as pentesting or PT) is a common practice for actively assessing the defenses of a computer network by planning and executing all possible attacks to discover and exploit existing vulnerabilities. Current penetration testing methods are increasingly becoming non-standard, composite and resource-consuming despite the use of evolving tools. In this paper, we propose and evaluate an AI-based pentesting system which makes use of machine learning techniques, namely reinforcement learning (RL) to learn and reproduce average and complex pentesting activities. The proposed system is named Intelligent Automated Penetration Testing System (IAPTS) consisting of a module that integrates with industrial PT frameworks to enable them to capture information, learn from experience, and reproduce tests in future similar testing cases. IAPTS aims to save human resources while producing much-enhanced results in terms of time consumption, reliability and frequency of testing. IAPTS takes the approach of modeling PT environments and tasks as a partially observed Markov decision process (POMDP) problem which is solved by POMDP-solver. Although the scope of this paper is limited to network infrastructures PT planning and not the entire practice, the obtained results support the hypothesis that RL can enhance PT beyond the capabilities of any human PT expert in terms of time consumed, covered attacking vectors, accuracy and reliability of the outputs. In addition, this work tackles the complex problem of expertise capturing and re-use by allowing the IAPTS learning module to store and re-use PT policies in the same way that a human PT expert would learn but in a more efficient way
Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems
Computer networks are undergoing a phenomenal growth, driven by the rapidly
increasing number of nodes constituting the networks. At the same time, the
number of security threats on Internet and intranet networks is constantly
growing, and the testing and experimentation of cyber defense solutions
requires the availability of separate, test environments that best emulate the
complexity of a real system. Such environments support the deployment and
monitoring of complex mission-driven network scenarios, thus enabling the study
of cyber defense strategies under real and controllable traffic and attack
scenarios. In this paper, we propose a methodology that makes use of a
combination of techniques of network and security assessment, and the use of
cloud technologies to build an emulation environment with adjustable degree of
affinity with respect to actual reference networks or planned systems. As a
byproduct, starting from a specific study case, we collected a dataset
consisting of complete network traces comprising benign and malicious traffic,
which is feature-rich and publicly available
Impact of Mobile and Wireless Technology on Healthcare Delivery services
Modern healthcare delivery services embrace the use of leading edge technologies and new
scientific discoveries to enable better cures for diseases and better means to enable early
detection of most life-threatening diseases. The healthcare industry is finding itself in a
state of turbulence and flux. The major innovations lie with the use of information
technologies and particularly, the adoption of mobile and wireless applications in
healthcare delivery [1]. Wireless devices are becoming increasingly popular across the
healthcare field, enabling caregivers to review patient records and test results, enter
diagnosis information during patient visits and consult drug formularies, all without the
need for a wired network connection [2]. A pioneering medical-grade, wireless
infrastructure supports complete mobility throughout the full continuum of healthcare
delivery. It facilitates the accurate collection and the immediate dissemination of patient
information to physicians and other healthcare care professionals at the time of clinical
decision-making, thereby ensuring timely, safe, and effective patient care. This paper
investigates the wireless technologies that can be used for medical applications, and the
effectiveness of such wireless solutions in a healthcare environment. It discusses challenges
encountered; and concludes by providing recommendations on policies and standards for
the use of such technologies within hospitals
No. 06: The Urban Food System of Nairobi, Kenya
Nairobi is a city of stark contrasts. Nearly half a million of its three million residents live in abject poverty in some of Africa’s largest slums, yet the Kenyan capital is also an international and regional hub. In East Africa, rapid urbanization is stretching existing food and agriculture systems as growing cities struggle to provide food and nutrition security for their inhabitants. Nairobi is no exception; it is a dynamically growing city and its food supply chains are constantly adapting and responding to changing local conditions. It is also an international city and the extent to which it is food secure is increasingly predicated on food imports from the regional East African Community and other international sources. Informal traditional value chains have a variety of actors and intermediaries that increase transaction costs and create an inefficient post-harvest procurement network, thereby pushing food products out of the reach of those who need them most. The majority of Nairobi’s food purchases are from informal food vendors. The city’s urban poor rely on the informal food sector for several reasons including that it provides food close to where they live and work, credit and barter are often available, small quantities can be purchased, and many items are sold more cheaply than at formal outlets. The leading income-generating activity for women in Nairobi’s poor communities is selling fruit and vegetables
- …