
A Unified Modeling Framework for Automated Penetration Testing

Yunfei Wang, Shixuan Liu, Wenhao Wang, Changling Zhou, Chao Zhang, Jiandong Jin, Cheng Zhu

TL;DR

The paper addresses the lack of a unified framework for automated penetration testing simulation modeling. It introduces MDCPM, a four-dimensional classification system that organizes literature by objectives, network complexity, action dependencies, and scenario dynamics, and AutoPT-Sim, a policy-automation driven framework that unifies network, attacker, and defender modeling within dynamic environments. A public network-simulation dataset and a Network Generator are released to enable flexible, multi-scale experiments and fair comparisons of intelligent decision-making approaches. The work emphasizes end-to-end AutoPT with dynamic environments, explicit attacker and defender state transitions, and the need for standardized evaluation metrics. Ethical considerations and future work include expanding state-transition datasets and developing community benchmarks for robust, reproducible AutoPT research.

Abstract

The integration of artificial intelligence into automated penetration testing (AutoPT) has highlighted the necessity of simulation modeling for the training of intelligent agents, due to its cost-efficiency and swift feedback capabilities. Despite the proliferation of AutoPT research, there is a recognized gap in the availability of a unified framework for simulation modeling methods. This paper presents a systematic review and synthesis of existing techniques, introducing MDCPM to categorize studies based on literature objectives, network simulation complexity, dependency of technical and tactical operations, and scenario feedback and variation. To bridge the gap in unified methods for multi-dimensional and multi-level simulation modeling and dynamic environment modeling, and to address the scarcity of public datasets, we introduce AutoPT-Sim, a novel modeling framework that is based on policy automation and encompasses the combination of all sub-dimensions. AutoPT-Sim offers a comprehensive approach to modeling network environments, attackers, and defenders, transcending the constraints of static modeling and accommodating networks of diverse scales. We publicly release a generated standard network environment dataset and the code of the Network Generator. Through flexible integration of publicly available datasets, support is offered for various simulation modeling levels focused on policy automation in MDCPM, and the Network Generator helps researchers output customized target network data by adjusting parameters or fine-tuning the Network Generator.

Paper Structure

This paper contains 29 sections, 3 equations, 9 figures, 4 tables.

Figures (9)

  • Figure 1: The Necessity and Challenges of Simulation Environments Modeling in AutoPT
  • Figure 2: The Dynamic Nonlinear System Framework of AutoPT Simulation Modeling
  • Figure 3: The Multi-Dimensional Classification System for Penetration Testing Modeling
  • Figure 4: The connotation and sub-dimensions of the Scenario Feedback and Variation
  • Figure 5: A numerical simulation network with four nodes [2020Finding]. The left, middle, and right diagrams show the network model, graph model, and attribute model, respectively.
  • ...and 4 more figures