Pen-Strategist: LLM-Based Framework for Automated Penetration Testing
A new framework called Pen-Strategist aims to improve automated penetration testing using large language models. The framework has two components: a domain-specific reasoning model that derives penetration testing strategies through logical reasoning, and a classifier that converts each strategy into actionable steps. To train and evaluate these components, the researchers constructed a reasoning dataset that pairs penetration testing scenarios with logical explanations for how a strategy is derived and which step is selected. The work is motivated by the shortage of skilled cybersecurity professionals and by the weakness of existing LLM-based agents in strategy formulation and domain-specific reasoning.
Key facts
- Cyber threats are increasing and affecting enterprises, government services, and individuals.
- There is a shortage of skilled cybersecurity professionals.
- Existing LLM-based agents for penetration testing perform poorly in strategy formulation and domain-specific reasoning.
- Pen-Strategist consists of a reasoning model and a classifier.
- The reasoning model derives penetration testing strategies via logical reasoning.
- The classifier converts strategies into actionable steps.
- A reasoning dataset was constructed for strategy derivation and step selection.
- The framework is proposed to overcome limitations of current automated penetration testing.