{"id":"https://openalex.org/W7114910459","doi":"https://doi.org/10.1631/fitee.2500100","title":"Mind the Gap: towards generalizable autonomous penetration testing via domain randomization and meta-reinforcement learning","display_name":"Mind the Gap: towards generalizable autonomous penetration testing via domain randomization and meta-reinforcement learning","publication_year":2025,"publication_date":"2025-12-01","ids":{"openalex":"https://openalex.org/W7114910459","doi":"https://doi.org/10.1631/fitee.2500100"},"language":"en","primary_location":{"id":"doi:10.1631/fitee.2500100","is_oa":false,"landing_page_url":"https://doi.org/10.1631/fitee.2500100","pdf_url":null,"source":{"id":"https://openalex.org/S4210189857","display_name":"Frontiers of Information Technology & Electronic Engineering","issn_l":"2095-9184","issn":["2095-9184","2095-9230"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Frontiers of Information Technology &amp; Electronic Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Shicheng Zhou","orcid":"https://orcid.org/0000-0001-9686-3836"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]},{"id":"https://openalex.org/I4210125301","display_name":"Health Awareness (United States)","ror":"https://ror.org/03cc5yw72","country_code":"US","type":"company","lineage":["https://openalex.org/I4210125301"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"Shicheng Zhou","raw_affiliation_strings":["Anhui Province Key Laboratory of Cyberspace Security Situation, Awareness and Evaluation, Hefei, 230037, China","College of Electronic Engineering, National University of Defense Technology, Hefei, 230037, China"],"raw_orcid":"https://orcid.org/0000-0001-9686-3836","affiliations":[{"raw_affiliation_string":"Anhui Province Key Laboratory of Cyberspace Security Situation, Awareness and Evaluation, Hefei, 230037, China","institution_ids":["https://openalex.org/I4210125301"]},{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, 230037, China","institution_ids":["https://openalex.org/I170215575"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jingju Liu","orcid":"https://orcid.org/0009-0005-9506-6903"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]},{"id":"https://openalex.org/I2802444338","display_name":"King Center","ror":"https://ror.org/03nxex423","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I2802444338"]},{"id":"https://openalex.org/I4210125301","display_name":"Health Awareness (United States)","ror":"https://ror.org/03cc5yw72","country_code":"US","type":"company","lineage":["https://openalex.org/I4210125301"]}],"countries":["CN","US"],"is_corresponding":true,"raw_author_name":"Jingju Liu","raw_affiliation_strings":["Anhui Province Key Laboratory of Cyberspace Security Situation, Awareness and Evaluation, Hefei, 230037, China","College of Electronic Engineering, National University of Defense Technology, Hefei, 230037, China","Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, 10084, China"],"raw_orcid":"https://orcid.org/0009-0005-9506-6903","affiliations":[{"raw_affiliation_string":"Anhui Province Key Laboratory of Cyberspace Security Situation, Awareness and Evaluation, Hefei, 230037, China","institution_ids":["https://openalex.org/I4210125301"]},{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, 230037, China","institution_ids":["https://openalex.org/I170215575"]},{"raw_affiliation_string":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, 10084, China","institution_ids":["https://openalex.org/I2802444338"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yuliang Lu","orcid":"https://orcid.org/0000-0002-8502-9907"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]},{"id":"https://openalex.org/I4210125301","display_name":"Health Awareness (United States)","ror":"https://ror.org/03cc5yw72","country_code":"US","type":"company","lineage":["https://openalex.org/I4210125301"]}],"countries":["CN","US"],"is_corresponding":true,"raw_author_name":"Yuliang Lu","raw_affiliation_strings":["Anhui Province Key Laboratory of Cyberspace Security Situation, Awareness and Evaluation, Hefei, 230037, China","College of Electronic Engineering, National University of Defense Technology, Hefei, 230037, China"],"raw_orcid":"https://orcid.org/0000-0002-8502-9907","affiliations":[{"raw_affiliation_string":"Anhui Province Key Laboratory of Cyberspace Security Situation, Awareness and Evaluation, Hefei, 230037, China","institution_ids":["https://openalex.org/I4210125301"]},{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, 230037, China","institution_ids":["https://openalex.org/I170215575"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jiahai Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I2802444338","display_name":"King Center","ror":"https://ror.org/03nxex423","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I2802444338"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jiahai Yang","raw_affiliation_strings":["Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, 10084, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, 10084, China","institution_ids":["https://openalex.org/I2802444338"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yue Zhang","orcid":"https://orcid.org/0009-0007-3570-2132"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yue Zhang","raw_affiliation_strings":["College of Computer Science and Technology, National University of Defense Technology, Changsha, 410073, China"],"raw_orcid":"https://orcid.org/0009-0007-3570-2132","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, National University of Defense Technology, Changsha, 410073, China","institution_ids":["https://openalex.org/I170215575"]}]},{"author_position":"last","author":{"id":null,"display_name":"Jie Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jie Chen","raw_affiliation_strings":["College of Electronic Engineering, National University of Defense Technology, Hefei, 230037, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, 230037, China","institution_ids":["https://openalex.org/I170215575"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I170215575","https://openalex.org/I2802444338","https://openalex.org/I4210125301"],"apc_list":null,"apc_paid":null,"fwci":2.325,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.92749973,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"26","issue":"12","first_page":"2511","last_page":"2528"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.1306000053882599,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.1306000053882599,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.12129999697208405,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.11959999799728394,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/generalization","display_name":"Generalization","score":0.6937999725341797},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.6478999853134155},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.44119998812675476},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4185999929904938},{"id":"https://openalex.org/keywords/adaptation","display_name":"Adaptation (eye)","score":0.39910000562667847},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.36820000410079956}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.769599974155426},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.6937999725341797},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6585000157356262},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.6478999853134155},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6272000074386597},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.44119998812675476},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4185999929904938},{"id":"https://openalex.org/C139807058","wikidata":"https://www.wikidata.org/wiki/Q352374","display_name":"Adaptation (eye)","level":2,"score":0.39910000562667847},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.36820000410079956},{"id":"https://openalex.org/C150899416","wikidata":"https://www.wikidata.org/wiki/Q1820378","display_name":"Transfer of learning","level":2,"score":0.34299999475479126},{"id":"https://openalex.org/C2776434776","wikidata":"https://www.wikidata.org/wiki/Q19246213","display_name":"Domain adaptation","level":3,"score":0.32330000400543213},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.29109999537467957},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.2874000072479248},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.2825999855995178},{"id":"https://openalex.org/C207685749","wikidata":"https://www.wikidata.org/wiki/Q2088941","display_name":"Domain knowledge","level":2,"score":0.27469998598098755},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.2628999948501587}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1631/fitee.2500100","is_oa":false,"landing_page_url":"https://doi.org/10.1631/fitee.2500100","pdf_url":null,"source":{"id":"https://openalex.org/S4210189857","display_name":"Frontiers of Information Technology & Electronic Engineering","issn_l":"2095-9184","issn":["2095-9184","2095-9230"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Frontiers of Information Technology &amp; Electronic Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W2605102758","https://openalex.org/W2736601468","https://openalex.org/W2788388592","https://openalex.org/W3088310808","https://openalex.org/W3100802376","https://openalex.org/W3155807546","https://openalex.org/W3163842339","https://openalex.org/W3199303841","https://openalex.org/W4221054774","https://openalex.org/W4246183800","https://openalex.org/W4307411952","https://openalex.org/W4310336120","https://openalex.org/W4313216096","https://openalex.org/W4315487473","https://openalex.org/W4317670814","https://openalex.org/W4353056919","https://openalex.org/W4383112908","https://openalex.org/W4386295467","https://openalex.org/W4387891985","https://openalex.org/W4389519059","https://openalex.org/W4391093136","https://openalex.org/W4392158010","https://openalex.org/W4392616852","https://openalex.org/W4393160933","https://openalex.org/W4399837985","https://openalex.org/W4402784347","https://openalex.org/W4403118443","https://openalex.org/W4403998770","https://openalex.org/W4404524763","https://openalex.org/W4405439851"],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,8,37,46,155,194,199],"increasing":[2],"number":[3],"of":[4,39,113],"vulnerabilities":[5],"exposed":[6],"on":[7,211],"Internet,":[9],"autonomous":[10,41,93,162],"penetration":[11],"testing":[12],"(pentesting)":[13],"has":[14],"emerged":[15],"as":[16],"a":[17,25,81,91,124,166],"promising":[18],"research":[19],"area.":[20],"Reinforcement":[21],"learning":[22,131,224],"(RL)":[23],"is":[24,54],"natural":[26],"fit":[27],"for":[28,173],"studying":[29],"this":[30],"topic.":[31],"However,":[32],"two":[33,195],"key":[34],"challenges":[35],"limit":[36],"applicability":[38],"RL-based":[40],"pentesting":[42,94,163],"in":[43,51,105,132,161,186,225,233,241],"real-world":[44],"scenarios:":[45],"training":[47,104],"environment":[48,175],"dilemma\u2014training":[49],"agents":[50,111],"simulated":[52],"environments":[53,107,135,188],"sample-efficient":[55],"while":[56,136],"ensuring":[57],"that":[58,127,219],"their":[59],"realism":[60],"remains":[61],"challenging;":[62],"poor":[63],"generalization":[64,83,143,184,200],"ability\u2014agents\u2019":[65],"policies":[66],"often":[67],"perform":[68],"poorly":[69],"when":[70],"transferred":[71],"to":[72,100,157,181],"unseen":[73,187],"scenarios,":[74],"with":[75,216],"even":[76],"slight":[77],"changes":[78],"potentially":[79],"causing":[80],"significant":[82],"gap.":[84],"To":[85],"address":[86],"both":[87],"challenges,":[88],"we":[89],"propose":[90,165],"generalizable":[92,110],"framework":[95],"termed":[96],"GAP,":[97],"which":[98],"aims":[99],"achieve":[101,229,237],"efficient":[102],"policy":[103,130,205,223,231,239],"realistic":[106,138,227],"and":[108,140,149,164,202,236],"train":[109],"capable":[112],"drawing":[114],"inferences":[115],"about":[116],"other":[117],"cases":[118],"from":[119],"one":[120],"instance.":[121],"GAP":[122,220],"introduces":[123],"real-to-sim-to-real":[125],"pipeline":[126],"enables":[128],"end-to-end":[129],"unknown":[133],"real":[134],"constructing":[137],"simulations":[139],"improves":[141,203],"agents\u2019":[142,183,204],"ability":[144,185],"by":[145,189],"leveraging":[146,190],"domain":[147,159,170],"randomization":[148,160,171],"meta-RL":[150,180],"learning.":[151],"We":[152,177],"are":[153,209],"among":[154],"first":[156],"apply":[158,179],"large":[167],"language":[168],"model-powered":[169],"method":[172],"synthetic":[174,191],"generation.":[176],"further":[178],"improve":[182],"environments.":[192,243],"Combining":[193],"methods":[196],"effectively":[197],"bridges":[198],"gap":[201],"adaptation":[206,240],"performance.":[207],"Simulations":[208],"conducted":[210],"various":[212,226],"vulnerable":[213],"virtual":[214],"machines,":[215],"results":[217],"showing":[218],"can":[221],"enable":[222],"environments,":[228,235],"zero-shot":[230],"transfer":[232],"similar":[234],"rapid":[238],"dissimilar":[242]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-13T06:13:01.061226","created_date":"2025-12-12T00:00:00"}