Treffer: A unified modeling framework for automated penetration testing.

• Conducts the first systematic survey of simulation modeling methods in AutoPT. • Proposes a novel four-dimensional taxonomy for classifying AutoPT simulations. • Proposes a policy-automation-driven framework for multi-dimensional simulation. • Provides open datasets and network generators for customizable simulations. Recent advancements in AI-integrated automated penetration testing (AutoPT) methodologies demonstrate that agent training based on simulation modeling can significantly enhance cost-efficiency while reducing feedback latency. However, despite the growing body of AutoPT research, a critical gap remains: the absence of a unified framework for simulation modeling methods. This paper systematically reviews and synthesizes existing techniques, proposing MDCPM to categorize studies based on their objectives, network simulation complexity, technical and tactical operation dependencies, and scenario feedback and variation. To address the lack of a unified method for multi-dimensional, multi-level simulation modeling, especially in dynamic environments, we propose AutoPT-Sim, a novel policy-automation-driven framework capable of simulating arbitrary sub-dimensional element across three key dimensions. AutoPT-Sim offers a holistic approach to modeling network environments, attackers, and defenders, overcoming the limitations of static and linear modeling techniques. Furthermore, we contribute a standardized network environment dataset and a network generator tool capable of generating networks of diverse sizes. By seamlessly integrating such datasets, AutoPT-Sim enables diverse simulation modeling levels for policy automation in MDCPM, while the network generator empowers researchers to create customized target network data, supporting tailored experimentation. [ABSTRACT FROM AUTHOR]

Copyright of Computers & Security is the property of Pergamon Press - An Imprint of Elsevier Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)