Automated Network Exploitation Utilizing Bayesian Decision Networks

Abstract

Computer Network Exploitation (CNE) is the process of using tactics and techniques to penetrate computer systems and networks in order to achieve desired effects. It is currently a manual process requiring significant experience and time that are in limited supply. This thesis presents the Automated Network Discovery and Exploitation System (ANDES) which demonstrates that it is feasible to automate the CNE process. The uniqueness of ANDES is the use of Bayesian decision networks to represent the CNE domain and subject matter expert knowledge. ANDES conducts multiple execution cycles, which build upon previous action results. Cycles begin by modeling the current belief state using Bayesian decision networks. ANDES uses these networks to select and execute an expected best action. Observed results are used to update the systems current belief state before the next cycle begins. ANDES was tested in a live-execution event, taking place within a virtual network environment. ANDES successfully performed a series of information gathering and remote exploit actions, across multiple network hosts to gain access to the target