SECURWARE 2025, The Nineteenth International Conference on Emerging Security Information, Systems and Technologies


Towards Automated Penetration Testing Using Inverse Soft-Q Learning

Authors:
Dongfang Song
Yuhong Li
Ala Berzinji
Elias Seid

Keywords: penetration testing; deep reinforcement learning; imitation learning; inverse soft-Q learning; PT-ISQL.

Abstract:
Penetration testing (pentesting), a proactive defensive practice for identifying vulnerabilities and supporting cybersecurity management, has traditionally been conducted manually due to its heavy reliance on specialized knowledge of human experts. In this paper, we propose PT-ISQL, an automated PenTesting approach based on Inverse Soft-Q Learning (ISQL), an imitation learning algorithm that enables efficient policy learning from expert demonstrations. PT-ISQL trains an agent to take optimal actions when interacting with the pentesting environment by effectively mimicking expert behavior. Our evaluation shows that PT-ISQL achieves high performance using significantly fewer expert demonstrations compared with generative adversarial imitation learning approaches. Furthermore, it demonstrates faster convergence, improved stability, and reduced training overhead. These results suggest that PT-ISQL is a promising and practical solution for scalable, automated penetration testing.

Pages: 62 to 68

Copyright: Copyright (c) IARIA, 2025

Publication date: October 26, 2025

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-68558-306-4

Location: Barcelona, Spain

Dates: from October 26, 2025 to October 30, 2025