Research into Methods of Applying Artificial Intelligence-Based Systems for Automated Penetration Testing and Vulnerability Analysis
DOI: https://doi.org/10.66571/tsarka-3134-6057-05

Abstract
Automated penetration testing has become a practical necessity for organisations that lack the workforce required to perform thorough manual security assessments. Existing automated tools, including Metasploit, SQLMap, OWASP Nettacker, and APT2, provide exploitation or scanning capabilities, but they do not include an attack-path-selection layer that orders exploits intelligently. This work replicates and extends the ant-colony-optimization approach proposed by He et al. (2023) and evaluates it on an OpenEMR 6.0.0 simulation deployed in a Kali Linux / Ubuntu virtual environment. Two configurations of the same six-module framework, with and without the ACO module, were compared across 50 independent runs against the same target host. The ACO-enabled configuration achieved a higher overall success rate, shorter average execution time, and a higher exploit-level success rate than the no-ACO baseline. The study also examines the sensitivity of the ACO parameters α, β, and ρ in the attack-graph context. The main contribution of the paper is a clearer evaluation of automated-with-ACO versus automated-without-ACO penetration testing, together with an empirical discussion of ACO parameter selection for vulnerability-analysis workflows.







