Vulnerability Exploitation Using Reinforcement Learning

Anas AlMajali, Loiy Al-Abed, Ruba Mutleq, Zaid Samamah, Anas Abu Shhadeh, Bassam J. Mohd, Khalil M. Ahmad Yousef

2023 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT) (2023)

Abstract
Our main goal is to create a reinforcement agent that is capable of exploiting a particular vulnerability. Hiring a penetration tester or doing manual exploitation can be expensive and time-consuming; thus, such a process needs to be intelligent and automated. There are many tools out there that perform auto-exploitation, like Metasploit Pro. But the problem with such tools is that they require significant execution time and resources because they are based on trying every possible payload and checking if it works or not. In this work, we created a reinforcement agent and configured it to exploit a certain vulnerability. After the agent completes the training phase, it stores payloads with their corresponding reward values in a Q-Table. When the agent faces a state that is a combination of a target operating system and a certain vulnerability, it knows what options to set to perform exploitation by looking at its Q-Table. The proposed methodology was tested on a remote code execution vulnerability in CouchDB version 3.1.0. After the training phase was completed, deployment was tested on three different systems in which the main goal of the attacker (establishing a reverse shell) was achieved using the payloads with the highest rank in the Q-Table in 8.26 seconds (average).
Key words
Reinforcement learning, penetration testing, cybersecurity