{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T22:21:06Z","timestamp":1767219666407,"version":"3.44.0"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"11","license":[{"start":{"date-parts":[[2025,7,18]],"date-time":"2025-07-18T00:00:00Z","timestamp":1752796800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,7,18]],"date-time":"2025-07-18T00:00:00Z","timestamp":1752796800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"Sichuan Provincial Science and Technology Department regional innovation cooperation key project","award":["No.2025YFHZ0265"],"award-info":[{"award-number":["No.2025YFHZ0265"]}]},{"name":"Youth Science Foundation of Sichuan","award":["No.2025ZNSFSC1474"],"award-info":[{"award-number":["No.2025ZNSFSC1474"]}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"crossref","award":["No. 2024M752211"],"award-info":[{"award-number":["No. 2024M752211"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"crossref"}]},{"name":"key laboratory of data protection and intelligent management ministry of education","award":["SCUSACXYD202301"],"award-info":[{"award-number":["SCUSACXYD202301"]}]},{"name":"Sichuan Province Science and Technology Innovation Seedling Project","award":["No.MZGC20240056"],"award-info":[{"award-number":["No.MZGC20240056"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"DOI":"10.1007\/s11227-025-07656-2","type":"journal-article","created":{"date-parts":[[2025,7,18]],"date-time":"2025-07-18T06:20:39Z","timestamp":1752819639000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Automatic penetration testing model based on reinforcement learning for complex network environments"],"prefix":"10.1007","volume":"81","author":[{"given":"Yang","family":"Chen","sequence":"first","affiliation":[]},{"given":"Junjiang","family":"He","sequence":"additional","affiliation":[]},{"given":"Wenbo","family":"Fang","sequence":"additional","affiliation":[]},{"given":"Shenwen","family":"Yang","sequence":"additional","affiliation":[]},{"given":"Jiangchuan","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Tao","family":"Li","sequence":"additional","affiliation":[]},{"given":"Xiaolong","family":"Lan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,18]]},"reference":[{"key":"7656_CR1","unstructured":"Kaspersky (2023) Attacks on industrial sector hit record in second quarter of [Online]. Available: https:\/\/www.kaspersky.com\/about\/press-releases\/2023-attacks-on-industrial-sector-hit-record-in-second-quarter-of-2023"},{"key":"7656_CR2","unstructured":"Rapid7, metasploit-framework. Available: https:\/\/github.com\/rapid7\/metasploit-framework"},{"key":"7656_CR3","unstructured":"Greenbone, openvas-scanner. Available: https:\/\/github.com\/greenbone\/openvas-scanner"},{"key":"7656_CR4","unstructured":"Fortra C. Available: https:\/\/www.cobaltstrike.com"},{"key":"7656_CR5","unstructured":"EmpireProject, PowerShell Empire. Available: https:\/\/github.com\/EmpireProject\/Empire"},{"key":"7656_CR6","unstructured":"Network Monitor Tool. Penetration Testing Tools. [Online]. Available: https:\/\/www.coresecurity.com\/blog\/top-14-vulnerability-scanners-cybersecurity-professionals"},{"issue":"103055","key":"7656_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2022.103055","volume":"126","author":"J Chen","year":"2023","unstructured":"Chen J, Hu S, Zheng H, Xing C, Zhang G (2023) GAIL-PT: an intelligent penetration testing framework with generative adversarial imitation learning. Comput Secur 126(103055):1\u201320. https:\/\/doi.org\/10.1016\/j.cose.2022.103055","journal-title":"Comput Secur"},{"key":"7656_CR8","doi-asserted-by":"crossref","unstructured":"Wang P, Liu J, Zhong X, Yang G, Zhou S, Zhang Y (2022) DUSC-DQN: an improved deep Q-network for intelligent penetration testing path design. In: Proceedings of 7th International Conference and Communication System, pp 476\u2013480","DOI":"10.1109\/ICCCS55155.2022.9846482"},{"key":"7656_CR9","doi-asserted-by":"crossref","unstructured":"DeCusatis C, Peko P, Irving J, Teache M, Laibach C, Hodge J (2022) A framework for open source intelligence penetration testing of virtual health care systems. In: Proceedings of IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), pp 0760\u20130764","DOI":"10.1109\/CCWC54503.2022.9720785"},{"issue":"3","key":"7656_CR10","doi-asserted-by":"publisher","first-page":"862","DOI":"10.1109\/TR.2019.2940651","volume":"70","author":"M Chen","year":"2021","unstructured":"Chen M, Xiao N-C, Zuo MJ, Ding Y (2021) An efficient algorithm for finding modules in fault trees. IEEE Trans Reliab 70(3):862\u2013874. https:\/\/doi.org\/10.1109\/TR.2019.2940651","journal-title":"IEEE Trans Reliab"},{"key":"7656_CR11","doi-asserted-by":"crossref","unstructured":"Sheynner O, Haines J, Iha S, Lippmann R, Wing J (2002) Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp 273\u2013284","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"7656_CR12","doi-asserted-by":"crossref","unstructured":"Christ M, Yannakakis M (2023) The smoothed complexity of policy iteration for Markov decision processes. In: Proceedings of the 55th Annual ACM Symposium on Theory of Computing, pp 1890\u20131903","DOI":"10.1145\/3564246.3585220"},{"key":"7656_CR13","unstructured":"Schwartz J, Kurniawati H (2019) Autonomous penetration testing using reinforcement learning. arXiv preprint, arXiv:1905.05965"},{"issue":"6","key":"7656_CR14","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1109\/MIS.2014.94","volume":"29","author":"Z Wu","year":"2014","unstructured":"Wu Z, Pan G, Kurniawati H, Cichocki A (2014) Cyborg intelligence: towards bio-machine intelligent systems. IEEE Intell Syst 29(6):2\u20134. https:\/\/doi.org\/10.1109\/MIS.2014.94","journal-title":"IEEE Intell Syst"},{"key":"7656_CR15","doi-asserted-by":"crossref","unstructured":"Hu Z, Beuran R, Tan Y (2020) Automated penetration testing using deep reinforcement learning. In: Proceedings of IEEE IEEE European Symposium on Security and Privacy Workshops, pp 2\u201310","DOI":"10.1109\/EuroSPW51379.2020.00010"},{"key":"7656_CR16","doi-asserted-by":"crossref","unstructured":"Nguyen HV, Teerakanok S, Inomata A, Uehara T (2021) The proposal of double agent architecture using actor-critic algorithm for penetration testing. In: Proceedings of the 7th International Conference on Information Systems Security and Privacy, pp 440\u2013449","DOI":"10.5220\/0010232504400449"},{"key":"7656_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103358","volume":"132","author":"Q Li","year":"2023","unstructured":"Li Q, Zhang M, Shen Y, Wang R, Hu M, Li Y, Hao H (2023) A hierarchical deep reinforcement learning model with expert prior knowledge for intelligent penetration testing. Comput Secur 132:103358","journal-title":"Comput Secur"},{"key":"7656_CR18","unstructured":"MITRE, MITRE ATT & CK, [Online]. Available: https:\/\/attack.mitre.org\/"},{"key":"7656_CR19","doi-asserted-by":"publisher","unstructured":"Schulman J, Wolski F, Dhariwal P et al (2017) Proximal policy optimization algorithms. https:\/\/doi.org\/10.48550\/arXiv.1707.06347","DOI":"10.48550\/arXiv.1707.06347"},{"key":"7656_CR20","doi-asserted-by":"publisher","unstructured":"Pathak D, Agrawal P, Efros AA et al (2017) Curiosity-driven exploration by self-supervised prediction. In: 2017 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW). IEEE, https:\/\/doi.org\/10.1109\/CVPRW.2017.70","DOI":"10.1109\/CVPRW.2017.70"},{"issue":"100219","key":"7656_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2019.100219","volume":"35","author":"HS Lallie","year":"2020","unstructured":"Lallie HS, Debattista K, Bal J (2020) A review of attack graph and attack tree visual syntax in cyber security. Comput Sci Rev 35(100219):1\u201327. https:\/\/doi.org\/10.1016\/j.cosrev.2019.100219","journal-title":"Comput Sci Rev"},{"key":"7656_CR22","unstructured":"Zhu N, Chen X-Y, Zhang Y-F, Xin S-Y (2008) Design and Application of Penetration Attack Tree Tree Model Oriented to Attack Resistance Test. Presented at the 2008 International Conference on Computer Science and Software Engineering, Wuhan, China, pp 12\u201314"},{"issue":"3","key":"7656_CR23","doi-asserted-by":"publisher","first-page":"1936","DOI":"10.1109\/TDSC.2020.3041999","volume":"19","author":"O Stan","year":"2022","unstructured":"Stan O, Bitton R, Ezrets M, Dadon M, Inokuchi M, Ohta Y et al (2022) Extending attack graphs to represent cyber-attacks in communication protocols and modern IT networks. IEEE TDSC 19(3):1936\u20131954. https:\/\/doi.org\/10.1109\/TDSC.2020.3041999","journal-title":"IEEE TDSC"},{"key":"7656_CR24","doi-asserted-by":"crossref","unstructured":"Sadlek L, \u010celeda P, Tovar\u0148\u00e1k D (2022) Identification of attack paths using kill chain and attack graphs. Presented at the NOMS 2022-2022 IEEE\/IFIP Network Operations and Management Symposium, Budapest, Hungary, pp 25\u201329","DOI":"10.1109\/NOMS54207.2022.9789803"},{"key":"7656_CR25","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1609\/icaps.v30i1.6666","volume":"30","author":"J Schwartz","year":"2020","unstructured":"Schwartz J, Kurniawati H, El-Masassni E (2020) POMDP + information-decay: incorporating defender\u2019s behaviour in autonomous penetration testing. Proc ICAPS 30:235\u2013243","journal-title":"Proc ICAPS"},{"key":"7656_CR26","doi-asserted-by":"crossref","unstructured":"Hu Z, Beuran R, Tan Y (2020) Automated penetration testing using deep reinforcement learning. Presented at the 2020 EuroS and PW, Genoa, Italy, pp 7\u201311","DOI":"10.1109\/EuroSPW51379.2020.00010"},{"issue":"103358","key":"7656_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2023.103358","volume":"132","author":"Q Li","year":"2023","unstructured":"Li Q, Zhang M, Shen Y, Wang R, Hu M, Li Y et al (2023) A hierarchical deep reinforcement learning model with expert prior knowledge for intelligent penetration testing. Comput Secur 132(103358):1\u201313. https:\/\/doi.org\/10.1016\/j.cose.2023.103358","journal-title":"Comput Secur"},{"issue":"102108","key":"7656_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2020.102108","volume":"100","author":"R Maeda","year":"2021","unstructured":"Maeda R, Mimura M (2021) Automating post-exploitation with deep reinforcement learning. Comput Secur 100(102108):1\u201311. https:\/\/doi.org\/10.1016\/j.cose.2020.102108","journal-title":"Comput Secur"},{"issue":"102204","key":"7656_CR29","first-page":"121","volume":"103","author":"F Caturano","year":"2021","unstructured":"Caturano F, Perrone G, Romano SP (2021) Discovering reflected cross-site scripting vulnerabilities using a multiobjective reinforcement learning environment. Comput Secur 103(102204):121\u2013132","journal-title":"Comput Secur"},{"issue":"102831","key":"7656_CR30","first-page":"1","volume":"120","author":"L Chen","year":"2022","unstructured":"Chen L, Tang C, He J, Zhao H, Lan X, Li T (2022) XSS adversarial example attacks based on deep reinforcement learning. Comput Secur 120(102831):1\u201313","journal-title":"Comput Secur"},{"key":"7656_CR31","doi-asserted-by":"crossref","unstructured":"Lee S, Wi S, Son S (2022) Link: black-box detection of cross-site scripting vulnerabilities using reinforcement learning. In: Proceedings of the ACM Web Conference 2022, pp 743\u2013754","DOI":"10.1145\/3485447.3512234"},{"key":"7656_CR32","unstructured":"CTF competition scenarios, Online Available: https:\/\/gitcode.com\/gh_mirrors\/gz\/GZCTF"},{"key":"7656_CR33","first-page":"1","volume":"326","author":"N Ilic","year":"2023","unstructured":"Ilic N, Dasic D, Vucetic M, Makarov A, Petrovic R (2023) Distributed web hacking by adaptive consensus-based reinforcement learning. Artif Intell 326:1\u201319","journal-title":"Artif Intell"},{"key":"7656_CR34","doi-asserted-by":"crossref","unstructured":"Shmaryahu D, Shani G, Hoffmann J, Steinmetz M (2018) Simulated penetration testing as contingent planning. In: Proceedings of the 28th International Conference on Automated Planning and Scheduling, vol 28, no 1, pp 241\u2013249","DOI":"10.1609\/icaps.v28i1.13902"},{"key":"7656_CR35","doi-asserted-by":"crossref","unstructured":"Schwartz J, Kurniawati H, EI-Mahassni E (2020) POMDP + information-decay: incorporating defender\u2019s behaviour in autonomous penetration testing. In: Proceedings of 38th International Conference on Automated Planning and Scheduling, vol 30(1), pp 235\u2013243","DOI":"10.1609\/icaps.v30i1.6666"},{"issue":"11","key":"7656_CR36","doi-asserted-by":"publisher","first-page":"7434","DOI":"10.1109\/TCOMM.2022.3211071","volume":"70","author":"Z Kuai","year":"2022","unstructured":"Kuai Z, Wang T, Wang S (2022) Fair virtual network function mapping and scheduling using proximal policy optimization. IEEE Trans Commun 70(11):7434\u20137445","journal-title":"IEEE Trans Commun"},{"key":"7656_CR37","unstructured":"Wu X, Guo W, Wei H, Xing X (2021) Adversarial policy training against deep reinforcement learning. In: Proceedings of 30th USENIX Security Symposium, pp 1883\u20131900"},{"key":"7656_CR38","unstructured":"Eysenbach B, Gupta A, lbarz J, Levine S (2018) Diversity is all you need: learning skills without a reward function. In: Proceedings of 36th International Conference on Machine Learning, vol 97, pp 5649\u20135660"},{"key":"7656_CR39","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/s10994-019-05845-8","volume":"109","author":"N Bougie","year":"2019","unstructured":"Bougie N, Ichise R (2019) Skill-based curiosity for intrinsically motivated reinforcement learning. Mach Learn 109:493\u2013512","journal-title":"Mach Learn"},{"key":"7656_CR40","doi-asserted-by":"publisher","first-page":"750","DOI":"10.1016\/j.ins.2022.07.111","volume":"609","author":"J Zhang","year":"2022","unstructured":"Zhang J, Zhang Z, Han S, Lue S (2022) Proximal policy optimization via enhanced exploration efficiency. Inf Sci 609:750\u2013765","journal-title":"Inf Sci"},{"key":"7656_CR41","doi-asserted-by":"publisher","first-page":"2280","DOI":"10.1109\/TKDE.2020.3006084","volume":"34","author":"J Ke","year":"2022","unstructured":"Ke J, Xiao F, Yang H, Ye J (2022) Learning to delay in ride-sourcing systems: a multi-agent deep reinforcement learning framework. IEEE Trans Knowl Data Eng 34:2280\u20132292","journal-title":"IEEE Trans Knowl Data Eng"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-025-07656-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-025-07656-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-025-07656-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T15:31:56Z","timestamp":1757259116000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-025-07656-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,18]]},"references-count":41,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2025,7]]}},"alternative-id":["7656"],"URL":"https:\/\/doi.org\/10.1007\/s11227-025-07656-2","relation":{},"ISSN":["1573-0484"],"issn-type":[{"type":"electronic","value":"1573-0484"}],"subject":[],"published":{"date-parts":[[2025,7,18]]},"assertion":[{"value":"2 July 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 July 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"1169"}}