{"id":"https://openalex.org/W7167687476","doi":"https://doi.org/10.1145/3786582.3786814","title":"PenForge: On-the-Fly Expert Agent Construction for Automated Penetration Testing","display_name":"PenForge: On-the-Fly Expert Agent Construction for Automated Penetration Testing","publication_year":2026,"publication_date":"2026-04-12","ids":{"openalex":"https://openalex.org/W7167687476","doi":"https://doi.org/10.1145/3786582.3786814"},"language":null,"primary_location":{"id":"doi:10.1145/3786582.3786814","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786582.3786814","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 48th International Conference on Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3786582.3786814","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030493112","display_name":"Huihui Huang","orcid":"https://orcid.org/0009-0009-9842-5026"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Huihui Huang","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0009-9842-5026","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002667771","display_name":"Jieke Shi","orcid":"https://orcid.org/0000-0002-0799-5018"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jieke Shi","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-0799-5018","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101620625","display_name":"Junkai Chen","orcid":"https://orcid.org/0009-0000-9945-7729"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Junkai Chen","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0000-9945-7729","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100458319","display_name":"Ting Zhang","orcid":"https://orcid.org/0000-0002-6001-1372"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ting Zhang","raw_affiliation_strings":["Monash University, Melbourne, Australia"],"raw_orcid":"https://orcid.org/0000-0002-6001-1372","affiliations":[{"raw_affiliation_string":"Monash University, Melbourne, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100730906","display_name":"Yikun Li","orcid":"https://orcid.org/0000-0002-1566-725X"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yikun Li","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-1566-725X","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066446055","display_name":"Chengran Yang","orcid":"https://orcid.org/0000-0001-6100-8127"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Chengran Yang","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-6100-8127","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041682105","display_name":"Eng Lieh Ouh","orcid":"https://orcid.org/0000-0001-7759-348X"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Eng Lieh Ouh","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-7759-348X","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029828965","display_name":"Lwin Khin Shar","orcid":"https://orcid.org/0000-0001-5130-0407"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Lwin Khin Shar","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-5130-0407","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5081036622","display_name":"David Lo","orcid":"https://orcid.org/0000-0002-4367-7201"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"David Lo","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-4367-7201","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.96743297,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"76","last_page":"80"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.775600016117096,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.775600016117096,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.03830000013113022,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.03739999979734421,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9315999746322632},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5335999727249146},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5110999941825867},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4490000009536743},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.415800005197525},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3582000136375427},{"id":"https://openalex.org/keywords/multi-agent-system","display_name":"Multi-agent system","score":0.3321000039577484},{"id":"https://openalex.org/keywords/penetration-test","display_name":"Penetration test","score":0.3012000024318695}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9315999746322632},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6830000281333923},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5335999727249146},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5110999941825867},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4490000009536743},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4401000142097473},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.415800005197525},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.41449999809265137},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3668999969959259},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3582000136375427},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.3321000039577484},{"id":"https://openalex.org/C98214672","wikidata":"https://www.wikidata.org/wiki/Q1501923","display_name":"Penetration test","level":3,"score":0.3012000024318695},{"id":"https://openalex.org/C58328972","wikidata":"https://www.wikidata.org/wiki/Q184609","display_name":"Expert system","level":2,"score":0.29429998993873596},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.29260000586509705},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.28790000081062317},{"id":"https://openalex.org/C80107235","wikidata":"https://www.wikidata.org/wiki/Q7162625","display_name":"Penetration (warfare)","level":2,"score":0.2799000144004822},{"id":"https://openalex.org/C74072328","wikidata":"https://www.wikidata.org/wiki/Q1142726","display_name":"Intelligent agent","level":2,"score":0.2773999869823456},{"id":"https://openalex.org/C207267971","wikidata":"https://www.wikidata.org/wiki/Q120208","display_name":"Emerging technologies","level":2,"score":0.27730000019073486},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2759999930858612},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.2646999955177307},{"id":"https://openalex.org/C2993265231","wikidata":"https://www.wikidata.org/wiki/Q16863864","display_name":"Penetration rate","level":2,"score":0.2565999925136566}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3786582.3786814","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786582.3786814","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 48th International Conference on Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3786582.3786814","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786582.3786814","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 48th International Conference on Software Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W1850923452","https://openalex.org/W2020831675","https://openalex.org/W2170478581","https://openalex.org/W2342922302","https://openalex.org/W4392609567","https://openalex.org/W4405640497","https://openalex.org/W4406325768","https://openalex.org/W4413176392"],"related_works":[],"abstract_inverted_index":{"Penetration":[0],"testing":[1,67],"is":[2,109],"essential":[3],"for":[4,89,123],"identifying":[5],"vulnerabilities":[6,141],"in":[7,41,102],"web":[8],"applications":[9],"before":[10],"real":[11],"adversaries":[12],"can":[13],"exploit":[14,96],"them.":[15],"Recent":[16],"work":[17],"has":[18],"explored":[19],"automating":[20],"this":[21],"process":[22],"with":[23,83,161],"Large":[24],"Language":[25],"Model":[26],"(LLM)-powered":[27],"agents,":[28],"but":[29],"existing":[30],"approaches":[31],"either":[32],"rely":[33],"on":[34,71,86,100],"a":[35,59,94,110,180],"single":[36],"generic":[37],"agent":[38,174],"that":[39,48,61],"struggles":[40],"complex":[42],"scenarios":[43],"or":[44],"narrowly":[45],"specialized":[46],"agents":[47,65,84],"cannot":[49],"adapt":[50],"to":[51,131,138],"diverse":[52],"vulnerability":[53],"types.":[54],"We":[55],"therefore":[56],"introduce":[57],"PenForge,":[58],"framework":[60],"dynamically":[62],"constructs":[63],"expert":[64],"during":[66],"rather":[68],"than":[69],"relying":[70],"those":[72],"prepared":[73],"beforehand.":[74],"By":[75],"integrating":[76],"automated":[77],"reconnaissance":[78],"of":[79,172],"potential":[80,163],"attack":[81,143],"surfaces":[82],"instantiated":[85],"the":[87,103,115,167],"fly":[88],"context-aware":[90],"exploitation,":[91],"PenForge":[92,165],"achieves":[93],"30.0%":[95],"success":[97],"rate":[98],"(12/40)":[99],"CVE-Bench":[101],"particularly":[104],"challenging":[105],"zero-day":[106],"setting,":[107],"which":[108],"3":[111],"\u00d7":[112],"improvement":[113],"over":[114],"state-of-the-art.":[116],"Our":[117],"analysis":[118],"also":[119],"identifies":[120],"three":[121],"opportunities":[122],"future":[124],"work:":[125],"(1)":[126],"supplying":[127],"richer":[128],"tool-usage":[129],"knowledge":[130],"improve":[132],"exploitation":[133],"effectiveness;":[134],"(2)":[135],"extending":[136],"benchmarks":[137],"include":[139],"more":[140],"and":[142,145,154,184],"types;":[144],"(3)":[146],"fostering":[147],"developer":[148],"trust":[149],"by":[150],"incorporating":[151],"explainable":[152],"mechanisms":[153],"human":[155],"review.":[156],"As":[157],"an":[158],"emerging":[159],"result":[160],"substantial":[162],"impact,":[164],"embodies":[166],"early-stage":[168],"yet":[169],"paradigm-shifting":[170],"idea":[171],"on-the-fly":[173],"construction,":[175],"marking":[176],"its":[177],"promise":[178],"as":[179],"step":[181],"toward":[182],"scalable":[183],"effective":[185],"LLM-driven":[186],"penetration":[187],"testing.":[188]},"counts_by_year":[],"updated_date":"2026-07-09T05:54:32.042283","created_date":"2026-07-09T00:00:00"}
