Each year BGA Security carries out approximately 200 penetration testing projects. These projects are not standardized and can vary in size depending on customer requirements. This report was prepared to share statistics on the vulnerabilities and exploitation methods encountered in that work.
Adaptive Penetration Testing - Presentation
1. Adaptive Penetration Testing
1) Introduction
2) Penetration Test
3) Problems
4) Objective
5) Reinforcement Learning (RL)
6) RL: First Approach → NIG-AP Algorithm (Network Information Gain Based Automated Attack Planning), MDP
7) RL: Second Approach → (Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL)), MDP
8) RL: Third Approach → IAPTS (Intelligent Automated Penetration Testing System), POMDP
9) RESULTS
10) REFERENCES
HAMDİ SEVBEN
2. Penetration Test
Penetration testing (or pentesting) is one of the important, widely used methodologies for evaluating the security of computer systems and networks [8].
Penetration testing is only one of several types of security testing.
Wai defines penetration testing as attack activity carried out by a trusted person rather than by malicious hackers [9].
Geer and Harthorne interpret penetration testing as the ability to gain something through illegal means in a legal manner [9].
A pentest involves carrying out authorized, controlled attacks on a system in order to find vulnerabilities that attackers could abuse. This method is a simulation of what real-world attackers would or could do in practice [3].
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
[8] Ge Chu and Alexei Lisitsa, 2019. Agent-based (BDI) modeling for automation of penetration testing.
[9] Norah Ahmed Almubairik and Gary Wills, 2016. Automated Penetration Testing Based on a Threat Model.
3. 3
Penetration Test
Systems are increasingly distributed and complex, and bring together different technologies.
4. 4
Problems
Security is a dynamic field; new attacks, new methods and new vulnerabilities keep emerging [3].
It is difficult for non-experts to carry out regular and systematic security tests [10].
It is costly in money and time, and the shortage of expert personnel is also a major problem [9].
A penetration testing team examines a system's security reasonably well based on its knowledge and expertise, but it may not be able to check every existing threat. Yet even a single overlooked threat can put the whole system at risk and eventually lead to adverse outcomes [9].
One issue with the manual penetration testing process is that testing every kind of threat is time-consuming and tiring for pentesters. A significant part of the attack surface may be left unexplored. The process is therefore expensive, because it is labour-intensive work [9].
Existing systems and frameworks cannot autonomously perform comprehensive testing and assessment of large assets the way human experts do [2].
The existing tools and frameworks, Core Impact, Nexpose, Nessus, Qualys, Tenable, Immunity Canvas and Metasploit, are vulnerability scanners rather than PT solutions. They do not cover the whole process from information gathering to exploitation, and they rarely deliver the promised simplicity and flexibility of use. Automation is limited to planning the engagement, organising tasks, optimisation/visualisation and reporting [2].
[2] Mohamed C. GHANEM and Thomas M. CHEN, 2018. Reinforcement Learning for Intelligent Penetration Testing.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
[9] Norah Ahmed Almubairik and Gary Wills, 2016. Automated Penetration Testing Based on a Threat Model.
[10] Franz Wotawa, 2016. On the Automation of Security Testing.
5. 5
Objective
Automated attack planning is an interdisciplinary field that spans cyber security and intelligent planning [1].
To design systems that allow regular and systematic testing and save human resources [4].
The main challenge for automated systems is optimisation: the system must not consume excessive time processing irrelevant tasks. At the same time it must check all existing threats systematically and efficiently so that no threat is overlooked [1].
The ultimate goal is a system that can imitate human PT experts in performing intelligent, automated pentests. The system should be able to interact directly with the expert to handle complex situations, presenting findings and recommendations that the expert can accept or reject [2].
In practical terms, incorporating machine learning into an automated PT system will reduce recurring human errors caused by fatigue, negligence and pressure. It will also reduce time and resource usage by carrying out different tests efficiently. Automation can reduce network congestion and downtime by running after normal working hours [3].
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
[2] Mohamed C. GHANEM and Thomas M. CHEN, 2018. Reinforcement Learning for Intelligent Penetration Testing.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
[4] Carlos Sarraute, Olivier Buffet and Jörg Hoffmann, 2013. Penetration Testing == POMDP Solving?
6. 6
Reinforcement Learning (RL)
RL lets the agent learn from past experience by interacting with the environment. RL rewards are usually delayed in time, and the agent tries to maximise a long-term objective [2].
Reinforcement learning (Sutton and Barto, 1998) is a kind of trial-and-error algorithm. The agent is not told what to do; instead it takes actions guided by a numerical reward [1].
It uses a model called a Markov decision process, which can be written as (S, A, R, T, γ) [1][2][3].
Besides the environment and the agent, an RL system has four main components: the policy π, the reward function R(s', a, s), the value function V(s) and the environment model T [1][2][3].
The most important advantage of using RL over other AI planning techniques is that it requires no prior knowledge of the exploits or of the network's transition model, so it is very general in application: the same algorithm can be applied to different network topologies and configurations with varying numbers of available exploits.
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
[2] Mohamed C. GHANEM and Thomas M. CHEN, 2018. Reinforcement Learning for Intelligent Penetration Testing.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
7. 7
RL: First Approach → NIG-AP Algorithm
(Network Information Gain Based Automated Attack Planning)
The goal of reinforcement learning is to optimise the policy π(a|s) so as to maximise the cumulative reward (1).
In Q-learning, the cumulative reward during this process (2) can be written as shown alongside:
Within the policy space there are some policies for which Q*(s, a) ≥ Qπ(s, a) holds, where * denotes the optimal policy.
According to the Banach fixed-point theorem (Mnih et al., 2013), Q(s, a) will iterate to the optimal value, so after policy iteration we can derive the optimal policy according to formula (4) shown below:
Once a deep neural network is added to reinforcement learning (Figure b), it becomes deep reinforcement learning (DRL) (Mnih et al., 2015). The Adam algorithm (Kingma and Ba, 2014) is commonly adopted for training deep neural networks. The update formula (5) is shown below:
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
8. 8
RL: First Approach → NIG-AP Algorithm
MDP (Markov Decision Process)
Detailed host information can be formalised as the vector [P_os, P_app, P_port, P_pro].
Given a general vector, information entropy (Liang and Shi, 2004) is adopted to represent the exposure state of the victim computer. It is computed as follows (6):
Network information gain (Lee and Lee, 2006): ΔH = H(P_before) − H(P_after) (7)
There are three kinds of cases when computing network information gain:
The reward r for an agent's action is r = r_gain + r_cost, made up of two parts, r_gain and r_cost. r_gain is the information gain and r_cost is the action cost. The formula for r_cost is shown below:
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
9. 9
RL: First Approach → NIG-AP Algorithm
MDP (Markov Decision Process)
Penetration testing can be viewed as a typical Markov decision process (MDP) (11):
{S_0, A_0, R_1, S_1, A_1, R_2, . . . , S_i, A_i, R_{i+1}, . . . , S_n, A_n, R_{n+1}} (11)
Penetration testing is formulated as equation (1) and aims to penetrate the target hosts within a limited time.
The goal of the MDP is to find the best policy π that maximises the cumulative gain G_t. It is given by (12):
max E[G_t | π] (12)
According to the Bellman equation, the update formula of Q(s, a) for a specific computer is as shown in (13):
The Adam algorithm is adopted to update the parameters of the deep neural network so that it fits Q(s, a). The update formula is as shown in (14):
m̂_t and v̂_t are computed as in (15) and (16):
To extend a specific host to a network scenario, an observed computer set Φ is created to record the detected computers.
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
(13)
(14)
(15)
(16)
10. 10
RL: First Approach → NIG-AP Algorithm
Experiments
First, NIG-AP was compared with POMDP. In addition, NIG-AP was used together with several optimisation algorithms: the Q-learning optimisation algorithm, NIG-AP(Q); the relative value iteration optimisation algorithm, NIG-AP(RVI); the value iteration algorithm, NIG-AP(VI); the policy iteration algorithm, NIG-AP(PI); the modified policy iteration algorithm, NIG-AP(PIM); and the value iteration Gerchberg-Saxton algorithm, NIG-AP(VIGS).
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
11. 11
RL: First Approach → NIG-AP Algorithm
Experiments
The NIG-AP(VI), NIG-AP(RVI) and NIG-AP(PIM) algorithms perform better than the NIG-AP(Q) and NIG-AP(VIGS) algorithms.
While training time for 14 states is bounded by 0.5 seconds, it is bounded by 0.02 seconds for NIG-AP(VI), NIG-AP(RVI), NIG-AP(PI) and NIG-AP(PIM).
When the number of hosts reaches 3, the APPL toolkit cannot solve the problem. This shows that POMDP's efficiency is very low and that it cannot be generalised to large network scenarios, whereas NIG-AP can find attack paths effectively in large network scenarios.
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
12. 12
RL: First Approach → NIG-AP Algorithm
Experiments
The efficiency measurement in a large network scenario, with the number of available exploits limited to 10, is given in the table below.
NIG-AP performs better than POMDP and FF.
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
13. 13
RL: First Approach → NIG-AP Algorithm
Experiments
The chart below shows the efficiency rates of the different algorithms.
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
14. 14
RL: First Approach → NIG-AP Algorithm
Experiments
NIG-AP produced less traffic, whereas FF produced massive network traffic and fluctuated much more.
FF's packet rate is 260 per second while NIG-AP's is 190, and the number of error packets FF produced is very high.
This shows that the NIG-AP algorithm is the most efficient choice.
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
15. 15
RL: Second Approach → (MDP)
Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL)
The action-selection strategies used in this work are ε-greedy and upper confidence bound (UCB) action selection.
The ε-greedy action-selection strategy does this by choosing a random action with probability ε and choosing the current best action the rest of the time (1).
UCB action selection uses an extra exploration term when selecting actions (2).
(1)
(2)
For the value-update strategy we use Q-learning. Q-learning is an off-policy temporal-difference algorithm for learning state-action values, and it is defined by the update function in equation (3):
(3)
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
16. 16
RL: Second Approach → (MDP)
Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL)
There are two main options for the form the value function Q(s, a) takes:
i) tabular and ii) function approximation.
We make use of three different Q-learning algorithms:
*tabular Q-learning (tabular ε-greedy)
*tabular Q-learning (tabular UCB)
*deep Q-learning (DQL)
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
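The two tabular variants named on slides 15 and 16 (Q-learning with ε-greedy and with UCB action selection), as an added example that is not part of the original presentation or of the cited thesis. Formulas (1) to (3) do not appear in this transcript, so the block uses the standard textbook forms; the three-stage simulator, its success probabilities and all hyperparameter values are constructed assumptions.

```python
import math
import random

# Constructed toy simulator (an assumption, not from the slides): three stages,
# three abstract actions. P_SUCCESS[s][a] is hidden from the agent; a success
# moves it from stage s to s+1, and leaving the last stage ends the episode.
P_SUCCESS = [[0.8, 0.1, 0.1],
             [0.1, 0.8, 0.1],
             [0.1, 0.1, 0.8]]
N_STATES, N_ACTIONS = 3, 3
STEP_COST, GOAL_REWARD = -1.0, 10.0     # every action costs 1; the goal pays 10
ALPHA, GAMMA, MAX_STEPS = 0.1, 0.9, 50  # assumed learning rate, discount, step cap


def step(state, action, rng):
    """Simulate one action; return (next_state, reward, done)."""
    if rng.random() < P_SUCCESS[state][action]:
        done = state + 1 == N_STATES
        return state + 1, STEP_COST + (GOAL_REWARD if done else 0.0), done
    return state, STEP_COST, False


def eps_greedy(q, counts, state, t, rng, eps=0.1):
    """Explore uniformly with probability eps, otherwise take argmax_a Q(s, a)."""
    if rng.random() < eps:
        return rng.randrange(N_ACTIONS)
    return max(range(N_ACTIONS), key=lambda a: q[state][a])


def ucb(q, counts, state, t, rng, c=2.0):
    """argmax_a of Q(s, a) plus a bonus that shrinks as (s, a) is visited more."""
    for a in range(N_ACTIONS):
        if counts[state][a] == 0:       # untried actions go first
            return a
    bonus = lambda a: c * math.sqrt(math.log(t) / counts[state][a])
    return max(range(N_ACTIONS), key=lambda a: q[state][a] + bonus(a))


def train(select, episodes=3000, seed=0):
    """Tabular Q-learning driven by the given action-selection strategy."""
    rng = random.Random(seed)
    q = [[0.0] * N_ACTIONS for _ in range(N_STATES)]
    counts = [[0] * N_ACTIONS for _ in range(N_STATES)]
    t = 0
    for _ in range(episodes):
        state = 0
        for _ in range(MAX_STEPS):
            t += 1
            action = select(q, counts, state, t, rng)
            counts[state][action] += 1
            nxt, reward, done = step(state, action, rng)
            # Off-policy TD target: bootstrap from the best action in the next state.
            target = reward if done else reward + GAMMA * max(q[nxt])
            q[state][action] += ALPHA * (target - q[state][action])
            if done:
                break
            state = nxt
    return q, counts


def greedy_policy(q):
    """Best known action per stage according to the learned table."""
    return [max(range(N_ACTIONS), key=lambda a: q[s][a]) for s in range(N_STATES)]
```

`train` returns the Q-table and the per-action visit counts, so `greedy_policy(train(ucb)[0])` gives the learned policy and the counts show where each strategy spent its exploration.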
17. 17
RL: Second Approach → (MDP)
Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL) - Tests
For the single-site and standard network scenarios, convergence occurs after a similar number of episodes for all three algorithms (~1000 episodes for single-site and ~150 episodes for the standard network).
For the multi-site network scenario, the two tabular algorithms converge significantly faster, in ~100 episodes, compared with > 1000 episodes for the DQL algorithm.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
18. 18
RL: Second Approach → (MDP)
Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL) - Tests
DQL took ~50 seconds for the standard network and ~75 seconds for the single-site network, while the tabular methods converged in <10 seconds in the single-site and standard network scenarios.
For the multi-site network scenario, convergence time is more similar across all algorithms at <25 seconds, but DQL ends up the slowest, at ~5 seconds.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
19. 19
RL: Second Approach → (MDP)
Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL) - Tests
The tabular methods are significantly faster than the DQL algorithm; in the worst case Tabular ε-greedy outperformed DQL by a factor of 50, and Tabular UCB outperformed DQL by a factor of 37.
This difference is expected because of the additional computation required for the DQL neural network calculations. The higher speed of the tabular methods makes up for their slower learning rate per episode and still lets them achieve the best performance in the test scenarios.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
20. 20
RL: Second Approach → (MDP)
Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL) - Tests
All three RL agents performed far better than random in the multi-site and standard network scenarios.
For the single-site network scenario, the Tabular UCB and DQL algorithms performed equally well or better, whereas the Tabular ε-greedy agent actually performed worse than the random agent.
The performance of the DQL algorithm is the most consistent across the different scenarios.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
21. 21
RL: Second Approach → (MDP)
Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL) - Tests
The number of machines in the network was tested from 3 to 43 in increments of 5, while the number of reachable services was held at 5.
Performance was better than the random policy for all three algorithms up to networks containing 18 machines.
For networks with more than 18 machines, the performance of the DQL and Tabular UCB algorithms dropped rapidly, although both algorithms could still solve more than 50% of scenarios with a better average reward than random for networks of 23 and 28 machines.
For Tabular ε-greedy, performance was consistently high for networks of up to 33 machines, after which performance fell below random for networks of 43 machines.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
22. 22
RL: Second Approach → (MDP)
Tabular ε-greedy, Tabular UCB and Deep Q-learning (DQL) - Tests
The effect of increasing the number of exploits from 1 to 51 in increments of 5 was measured on a fixed-size network of 18 machines. Tabular ε-greedy maintained optimal performance for every number of exploits tested.
Tabular UCB was below optimal performance, but its performance stayed relatively stable as the number of exploits grew.
DQL was the most affected, with performance comparable to random for all values tested.
We found that the performance of the tabular RL algorithms is relatively unaffected by a growing number of exploits, that the Tabular ε-greedy algorithm is close to optimal performance and that it solved almost 100% of every scenario configuration tested. DQL's performance, on the other hand, is not much better than a random policy.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
23. 23
CONCLUSIONS #1
The scenarios are limited to networks with a certain number of machines and are therefore relatively small compared with large commercial networks, which in real life have hundreds of machines. In particular, there is a problem scaling the algorithms with the number of machines in the network and with the number of exploits available to the agents.
The agents were given only two minutes of training time. RL agents can therefore be expected to be applicable to larger problems given more training time.
Another limitation is that only three different network topologies were tested; the possible topologies encountered in the real world are endless.
Based on these scaling experiments, the approach used in this work appears unable to scale well to large networks and large numbers of exploits.
Tabular RL algorithms do not scale to networks with many machines, but they do scale well with the number of actions.
With more training time and more advanced algorithms it may be possible to scale the DQL algorithm to larger networks, but this approach does not scale well with a growing number of actions.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
24. 24
CONCLUSIONS #2
Incorporating temporal information about vulnerabilities into the planning algorithm would capture the age or recency of a vulnerability. For example, a 0-day vulnerability is far more useful in penetration tests than previously discovered vulnerabilities.
By adjusting the reward function with respect to time, the training algorithm can be biased towards the most recent training examples.
Another suggestion would be to order vulnerabilities by timestamp, so that new exploits are always considered first [1].
Another line of research would be to use transfer learning to generate attack schemes. Since pentest knowledge is similar across different scenarios, transfer learning shows us a way to train an agent with fewer scenario examples [1].
The thesis topic will focus on 0-day detection using machine learning and other current approaches and techniques.
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for automated penetration testing.
[2] Mohamed C. GHANEM and Thomas M. CHEN, 2018. Reinforcement Learning for Intelligent Penetration Testing.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning.
devhunteryz.wordpress.com/2018/07/28/transfer-ogrenimi-transfer-learning/ , medium.com/@ayyucekizrak/derı̇ne-daha-derı̇ne-evrişimli-sinir-ağları-2813a2c8b2a9
25. 25
References
[1] Tian-yang ZHOU, Yi-chao ZANG, Jun-hu ZHU, Qing-xian WANG, 2019. NIG-AP: a new method for
automated penetration testing.
[2] Mohamed C. GHANEM and Thomas M. CHEN, 2018. Reinforcement Learning for Intelligent Penetration
Testing.
[3] Jonathon Schwartz, 2018. Autonomous Penetration Testing using Reinforcement Learning
[4] Carlos Sarraute, Olivier Buffet and Jörg Hoffmann, 2013. Penetration Testing == POMDP Solving?
[5] Carlos Sarraute, Olivier Buffet and Jörg Hoffmann, 2013. POMDPs Make Better Hackers:
Accounting for Uncertainty in Penetration Testing.
[6] Jörg Hoffmann, 2015. Simulated Penetration Testing: From “Dijkstra” to “Turing Test++”.
[7] Josip Bozic and Franz Wotawa, 2017. Planning the Attack! Or How to use AI in Security Testing?
[8] Ge Chu and Alexei Lisitsa, 2019. Agent-based (BDI) modeling for automation of penetration testing.
[9] Norah Ahmed Almubairik and Gary Wills, 2016. Automated Penetration Testing Based on a Threat Model.
[10] Franz Wotawa, 2016. On the Automation of Security Testing.
THANK YOU...