{"id":"https://openalex.org/W4400976646","doi":"https://doi.org/10.1145/3664476.3664484","title":"SoK: A Comparison of Autonomous Penetration Testing Agents","display_name":"SoK: A Comparison of Autonomous Penetration Testing Agents","publication_year":2024,"publication_date":"2024-07-25","ids":{"openalex":"https://openalex.org/W4400976646","doi":"https://doi.org/10.1145/3664476.3664484"},"language":"en","primary_location":{"id":"doi:10.1145/3664476.3664484","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3664476.3664484","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5003735738","display_name":"R. W. Simon","orcid":"https://orcid.org/0009-0008-4157-1674"},"institutions":[{"id":"https://openalex.org/I150517870","display_name":"Royal Military Academy","ror":"https://ror.org/02vmnye06","country_code":"BE","type":"education","lineage":["https://openalex.org/I150517870"]}],"countries":["BE"],"is_corresponding":true,"raw_author_name":"Raphael Simon","raw_affiliation_strings":["Royal Military Academy, Belgium"],"affiliations":[{"raw_affiliation_string":"Royal Military Academy, Belgium","institution_ids":["https://openalex.org/I150517870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022101559","display_name":"Wim Mees","orcid":"https://orcid.org/0000-0002-0696-8093"},"institutions":[{"id":"https://openalex.org/I150517870","display_name":"Royal Military Academy","ror":"https://ror.org/02vmnye06","country_code":"BE","type":"education","lineage":["https://openalex.org/I150517870"]}],"countries":["BE"],"is_corresponding":false,"raw_author_name":"Wim Mees","raw_affiliation_strings":["Royal Military Academy, Belgium"],"affiliations":[{"raw_affiliation_string":"Royal Military Academy, Belgium","institution_ids":["https://openalex.org/I150517870"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5003735738"],"corresponding_institution_ids":["https://openalex.org/I150517870"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.11935552,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/penetration","display_name":"Penetration (warfare)","score":0.6221773624420166},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.49454566836357117},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13835495710372925},{"id":"https://openalex.org/keywords/operations-research","display_name":"Operations research","score":0.07835173606872559}],"concepts":[{"id":"https://openalex.org/C80107235","wikidata":"https://www.wikidata.org/wiki/Q7162625","display_name":"Penetration (warfare)","level":2,"score":0.6221773624420166},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.49454566836357117},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13835495710372925},{"id":"https://openalex.org/C42475967","wikidata":"https://www.wikidata.org/wiki/Q194292","display_name":"Operations research","level":1,"score":0.07835173606872559}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3664476.3664484","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3664476.3664484","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:vubissmart:VUBISSMART:2000:181672","is_oa":false,"landing_page_url":"https://biblio.vub.ac.be/vubir/sok-a-comparison-of-autonomous-penetration-testing-agents(38d66e52-6baa-4c39-9a9f-402440324e6b).html","pdf_url":null,"source":{"id":"https://openalex.org/S4306402573","display_name":"VUBIR (Vrije Universiteit Brussel)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I13469542","host_organization_name":"Vrije Universiteit Brussel","host_organization_lineage":["https://openalex.org/I13469542"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},{"id":"pmh:oai:vubissmart:VUBISSMART:2000:217604","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306402573","display_name":"VUBIR (Vrije Universiteit Brussel)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I13469542","host_organization_name":"Vrije Universiteit Brussel","host_organization_lineage":["https://openalex.org/I13469542"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Reduced inequalities","score":0.46000000834465027,"id":"https://metadata.un.org/sdg/10"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W32403112","https://openalex.org/W1629225656","https://openalex.org/W2107726111","https://openalex.org/W2123651102","https://openalex.org/W2560674852","https://openalex.org/W2736601468","https://openalex.org/W2746553466","https://openalex.org/W2952298682","https://openalex.org/W2963477884","https://openalex.org/W3100802376","https://openalex.org/W3108671495","https://openalex.org/W3121342653","https://openalex.org/W3132333118","https://openalex.org/W3188417193","https://openalex.org/W3202409790","https://openalex.org/W3202894952","https://openalex.org/W4224317173","https://openalex.org/W4285588358","https://openalex.org/W4287022721","https://openalex.org/W4313216096","https://openalex.org/W4328028706","https://openalex.org/W4378768759","https://openalex.org/W4387227942","https://openalex.org/W4394672593"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"In":[0,63],"the":[1,27,38,43,48,55,80,99,106,119,150],"still":[2],"growing":[3],"field":[4],"of":[5,29,40,45,50,57,72,89,98,124],"cyber":[6],"security,":[7],"machine":[8],"learning":[9,54,155],"methods":[10,110],"have":[11,34,84],"largely":[12],"been":[13,85],"employed":[14],"for":[15],"detection":[16],"tasks.":[17],"Only":[18],"a":[19,137,157],"small":[20],"portion":[21],"revolves":[22],"around":[23],"offensive":[24],"capabilities.":[25],"Through":[26],"rise":[28],"Deep":[30],"Reinforcement":[31],"Learning,":[32],"agents":[33,77,83],"also":[35,129],"emerged":[36],"with":[37],"goal":[39],"actively":[41],"assessing":[42],"security":[44],"systems":[46],"by":[47],"means":[49],"penetration":[51,75],"testing.":[52],"Thus":[53],"usage":[56],"different":[58,73,103],"tools":[59],"to":[60,115],"emulate":[61],"humans.":[62],"this":[64],"paper":[65],"we":[66],"present":[67,136],"an":[68],"overview,":[69],"and":[70,101,105,122,154],"comparison":[71,128],"autonomous":[74],"testing":[76],"found":[78],"within":[79],"literature.":[81],"Various":[82],"proposed,":[86],"making":[87],"use":[88],"distinct":[90],"methods,":[91],"but":[92],"several":[93],"factors":[94],"such":[95,141],"as":[96,142],"modelling":[97],"environment":[100],"scenarios,":[102],"algorithms,":[104],"difference":[107],"in":[108,156],"chosen":[109],"themselves,":[111],"make":[112],"it":[113],"difficult":[114],"draw":[116],"conclusions":[117],"on":[118],"current":[120],"state":[121],"performance":[123],"those":[125],"agents.":[126],"This":[127],"lets":[130],"us":[131],"identify":[132],"research":[133],"challenges":[134],"that":[135],"major":[138],"limiting":[139],"factor,":[140],"handling":[143],"large":[144],"action":[145],"spaces,":[146],"partial":[147],"observability,":[148],"defining":[149],"right":[151],"reward":[152],"structure,":[153],"real-world":[158],"scenario.":[159]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}