
Auto Red Team: A network attack automation framework based on decision tree

Posted on: 2009-04-10
Degree: M.S
Type: Thesis
University: Iowa State University
Candidate: Lu, Song
Full Text: PDF
GTID: 2448390002992064
Subject: Computer Science
Abstract/Summary:
In this thesis we discuss our research in incorporating Machine Learning into network attack automation. The key idea is to audit the traffic between the attacker and the target machine, then apply Decision Tree Learning methods on the audit data to generate a set of rules, and create a smart attacker that is guided by those rules and is capable of launching an attack sequence according to the response from the target machine. By conducting experiments on the Linux platform, we constructed a framework named Auto Red Team (ART) that audits traffic, composes training data, and generates a smart attacker by feeding those training data into a Decision Learning Tree model. Experiments show that ART can realize effective and accurate attack automation. Besides basic data analysis on the experiment data, we also apply a statistical method, Principal Component Analysis, on the experiment data to verify the generated rules. Although Principal Component Analysis cannot completely explain the rules generated by the Decision Tree module, some convincing explanations of the relationship between those rules and certain Principal Components were given.
Keywords/Search Tags: Attack automation, Decision, Tree, Rules