This project applies artificial-intelligence (AI) techniques to proactive
vulnerability assessment (VA) in computer networks. Current library-based
approach to VA does not prevent the exploitation of vulnerabilities outside
the library. This proposal takes the first step toward the next generation
of proactive VA software by studying advanced AI techniques that learn to
attack a computer network, and hence discover its vulnerabilities and
weaknesses before these weaknesses are exploited. The initial work casts VA
within the framework of reinforcement learning (RL), which is an active area
of AI, and has demonstrated previous successes for other networking
problems. RL researchers study algorithms for learning high reward
strategies for one or more agents based on reward signals received while
interacting with an environment. For VA, the environment corresponds to a
specific computer network, the reward signal provides positive reward for
activity that is detrimental to a network and negative reward for activity
that is detected as malicious. The strategy discovered by RL gives a method
for one or more agents to attack the network without being detected. In
this proposal, the focus is on using RL techniques to discover VA in
Peer-to-Peer networks. The broader impact of this project will include
bridging the gap between AI and network research communities, and research
results will be disseminated through a website at
http://www.eecs.orst.edu/~thinhq/research/AI_Security/index.html.