/CTFRL-Index

Index of repositories on CTF and RL

Index

  1. CTF-RL: this repository contains tabular Q-learning agents solving simple penetration testing tasks. Lazy loading, state aggregation and imitation learning are investigated as techniques to improve learning [1]. (final)

  2. gym-agentwebmodel: this repository contains the OpenAI gym implementation of simple environments for penetration testing. Simple tabular Q-learning agents are provided as baselines [2]. (final)

  3. CTF-SQL: this repository contains tabular and neural Q-learning agents solving SQL injection tasks in a very structured environment [3]. (final)

3B. gym-CTF-SQL: this repository contains the OpenAI gym environment used in CTF-SQL. (final)

  1. sql_env: this repository contains PPO agents with different degrees of a priori structure solving simple SQL injection problems [4]. (final)

  2. SQL-RL-2: this repository contains tabular Q-learning agents solving different forms of SQL injection problems. (WIP)

  3. dynamic_ctf_games: this repository contains a versatile generator of realistic pages with SQL injection vulnerabilities. (WIP)

  4. [SQL3]: this repository contains RL agents tackling realistic challenges via imitation learning. (WIP)

  5. CTF-RepresentationLearning: this repository explores neural models to encode a web page that an agent may interact with during penetration testing. (WIP)

References

[1] Zennaro, F.M. and Erdodi, L., 2020. Modeling Penetration Testing with Reinforcement Learning Using Capture-the-Flag Challenges: Trade-offs between Model-free Learning and A Priori Knowledge. arXiv preprint arXiv:2005.12632.

[2] Erdodi, L. and Zennaro, F.M., 2020. The Agent Web Model--Modelling web hacking for reinforcement learning. arXiv preprint arXiv:2009.11274.

[3] Erdodi, L., Sommervoll, A.A. and Zennaro, F.M., 2020. Simulating SQL Injection Vulnerability Exploitation Using Q-Learning Reinforcement Learning Agents. arXiv preprint arXiv:2101.03118.

[4] Del Verme, M., Sommervoll, A.A., Erdodi, L., Totaro, S., and Zennaro, F.M., 2021. SQL Injections and Reinforcement Learning: An EmpiricalEvaluation of the Role of Action Structure.