| Issue |
Security and Safety
Volume 4, 2025
Security and Safety in Network Simulation and Evaluation
|
|
|---|---|---|
| Article Number | 2025006 | |
| Number of page(s) | 14 | |
| Section | Information Network | |
| DOI | https://doi.org/10.1051/sands/2025006 | |
| Published online | 28 July 2025 | |
Research Article
ShotFlex: A reinforcement learning-based cyber attack path generation method for cybersecurity evaluation
1
Department of New Networks, Peng Cheng Laboratory, Shenzhen, 518000, China
2
Department of Computer Science and Engineering, Southern University of Science and Technology, Shenzhen, 518055, China
* Corresponding authors (email: This email address is being protected from spambots. You need JavaScript enabled to view it.
(Yan Jia); email: This email address is being protected from spambots. You need JavaScript enabled to view it.
(Yangyang Mei))
Received:
28
February
2025
Revised:
9
May
2025
Accepted:
8
July
2025
Abstract
Penetration testing is an important method for discovering hidden vulnerabilities and attack paths in network systems, which is of great significance for evaluating network security. However, traditional penetration testing methods can only be carried out by security analysts, and the results are unstable, requiring extra time and money. Automated penetration testing can effectively reduce reliance on manual efforts. Automated attack planning, as one of the most critical components, has garnered widespread attention from researchers. Although previous studies have explored a variety of methods to mine attack paths, most of them require prior knowledge of the network topology, which contradicts reality and thus lacks application value. To automatically find the best potential attack path in complex and unknown networks from the hacker’s perspective, this paper proposes ShotFlex: a reinforcement learning-based method that uses a quantifiable method to evaluate host and obtain rewards, which guides the agent to choose the best response action to discover attack paths from the intruder’s perspective. ShotFlex also introduces a pruning strategy based on prior knowledge to accelerate path generation. Experimental results reveal that ShotFlex can combine current information to provide an effective decision and significantly improve the efficiency of penetration testing.
Key words: Cyber attack path generation / Cybersecurity evaluation / Reinforcement learning
Citation: Yu Z, Jia Y, Han W, Zhang J, Yang M and Mei Y. ShotFlex: A reinforcement learning-based cyber attack path generation method for cybersecurity evaluation. Security and Safety 2025; 4: 2025006. https://doi.org/10.1051/sands/2025006
© The Author(s) 2025. Published by EDP Sciences and China Science Publishing & Media Ltd.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.