<div class="csl-bib-body">
<div class="csl-entry">Happe, A., & Jürgen, C. (2023). Getting pwn’d by AI: Penetration Testing with Large Language Models. In <i>ESEC/FSE 2023: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering</i> (pp. 2082–2086). Association for Computing Machinery. https://doi.org/10.1145/3611643.3613083</div>
</div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/192188
-
dc.description.abstract
The field of software security testing, more specifically penetration testing, requires high levels of expertise and involves many manual testing and analysis steps. This paper explores the potential use of large-language models, such as GPT3.5, to augment penetration testers with AI sparring partners. We explore two distinct use cases: high-level task planning for security testing assignments and low-level vulnerability hunting within a vulnerable virtual machine. For the latter, we implemented a closed-feedback loop between LLM-generated low-level actions with a vulnerable virtual machine (connected through SSH) and allowed the LLM to analyze the machine state for vulnerabilities and suggest concrete attack vectors which were automatically executed within the virtual machine. We discuss promising initial results, detail avenues for improvement, and close deliberating on the ethics of AI sparring partners.
en
dc.language.iso
en
-
dc.subject
machine learning
en
dc.subject
penetration testing
en
dc.subject
automated software testing
en
dc.subject
large language model
en
dc.subject
privilege escalation attacks
en
dc.title
Getting pwn’d by AI: Penetration Testing with Large Language Models
en
dc.type
Inproceedings
en
dc.type
Konferenzbeitrag
de
dc.contributor.affiliation
TU Wien, Österreich
-
dc.relation.isbn
979-8-4007-0327-0
-
dc.description.startpage
2082
-
dc.description.endpage
2086
-
dc.type.category
Full-Paper Contribution
-
tuw.booktitle
ESEC/FSE 2023: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
-
tuw.peerreviewed
true
-
tuw.relation.publisher
Association for Computing Machinery
-
tuw.relation.publisherplace
New York
-
tuw.researchTopic.id
I2
-
tuw.researchTopic.name
Computer Engineering and Software-Intensive Systems
-
tuw.researchTopic.value
100
-
tuw.publication.orgunit
E194-01 - Forschungsbereich Software Engineering
-
tuw.publisher.doi
10.1145/3611643.3613083
-
dc.description.numberOfPages
5
-
tuw.author.orcid
0009-0000-2484-0109
-
tuw.event.name
ESEC/FSE'23 : 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
en
tuw.event.startdate
03-12-2023
-
tuw.event.enddate
09-12-2023
-
tuw.event.online
On Site
-
tuw.event.type
Event for scientific audience
-
tuw.event.place
San Francisco
-
tuw.event.country
US
-
tuw.event.institution
ACM
-
tuw.event.presenter
Happe, Andreas
-
tuw.event.track
Multi Track
-
wb.sciencebranch
Informatik
-
wb.sciencebranch.oefos
1020
-
wb.sciencebranch.value
100
-
item.languageiso639-1
en
-
item.openairetype
conference paper
-
item.grantfulltext
none
-
item.fulltext
no Fulltext
-
item.cerifentitytype
Publications
-
item.openairecristype
http://purl.org/coar/resource_type/c_5794
-
crisitem.author.dept
TU Wien
-
crisitem.author.dept
E194-01 - Forschungsbereich Software Engineering
-
crisitem.author.orcid
0009-0000-2484-0109
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering
