基于强化学习的渗透路径推荐模型

渗透测试的核心问题是渗透测试路径的规划，手动规划依赖测试人员的经验，而自动生成渗透路径主要基于网络安全的先验知识和特定的漏洞或网络场景，所需成本高且缺乏灵活性。针对这些问题，提出一种基于强化学习的渗透路径推荐模型QLPT，通过多回合的漏洞选择和奖励反馈，最终给出针对渗透对象的最佳渗透路径。在开源靶场的渗透实验结果表明，与手动测试的渗透路径相比，所提模型推荐的路径具有较高一致性，验证了该模型的可行性与准确性；与自动化渗透测试框架Metasploit相比，该模型在适应所有渗透场景方面也更具灵活性。

Recommendation model of penetration path based on reinforcement learning

The core problem of penetration test is the planning of penetration test paths. Manual planning relies on the experience of testers， while automated generation of penetration paths is mainly based on the priori knowledge of network security and specific vulnerabilities or network scenarios， which requires high cost and lacks flexibility. To address these problems， a reinforcement learning-based penetration path recommendation model named Q Learning Penetration Test （QLPT） was proposed to finally give the optimal penetration path for the penetration object through multiple rounds of vulnerability selection and reward feedback. It is found that the recommended path of QLPT has a high consistency with the path of manual penetration test by implementing penetration experiments at open source cyber range， verifying the feasibility and accuracy of this model； compared with the automated penetration test framework Metasploit， QLPT is more flexible in adapting to all penetration scenarios.