TRITON: Generative Automation of Security Penetration Tests

The convergence of different technologies coming with their own vulnerabilities, such as Internet of Things (IoT), communication networks, Operating Systems (OS) and Artificial Intelligence (AI) systems open-up new attack fronts and shift the attackers’ interest to more sophisticated techniques. As technology advances in cyber defence services, military digital operations, and civilian safety applications along with the complexity of cyber risks, the need for automated cybersecurity assessments becomes increasingly important. The necessity for regular security testing, including penetration testing, has raised awareness of best practices and standards for such assessments. TRITON‘s vision is to overcome defence-specific obstacles associated to the automation of penetration tests, and fully automate the pre- and post- pentesting process adopting Markov chain Monte Carlo (MCMC) decision processes to discover hidden attack paths and the DevSecOps paradigm integrated with well-known pentesting frameworks (e.g., Kali Linux, Aircrack-ng, Metasploit, etc.) focusing on military Security Operation Centres (SOCs), web and heterogeneous cloud applications, telecom and wireless networks. It introduces the novel concept of Human-as-a-Security-Sensor (HaaSS), letting the operators of the automated penetration testing solution to monitor the progress, perform what-if analysis, predict future paths, and enforce controls through security policies. The key idea is to build a wide‐ranging manifold of novel tools and strategies that enable next‐generation ICT systems and networks with distributed devices, to perform automated and Artificial Intelligence (AI) driven security assessments at massive scale. TRITON is expected to realize its vision through generative AI and ethical attacks performed by Generative Adversarial Networks (GANs) and proactive risk assessments with optimal mitigation controls targeting code, firmware, networks, and ICT deployment environments.