Website hacking is a frequent attack type used by malicious actors to obtain confidential information, modify the integrity of web pages or make websites unavailable. The tools used by attackers are becoming more and more automated and sophisticated, and malicious machine learning agents seems to be the next development in this line. In order to provide ethical hackers with similar tools, and to understand the impact and the limitations of artificial agents, we present in this paper a model that formalizes web hacking tasks for reinforcement learning agents. Our model, named Agent Web Model, considers web hacking as a capture-the-flag style challenge, and it defines reinforcement learning problems at seven different levels of abstraction. We discuss the complexity of these problems in terms of actions and states an agent has to deal with, and we show that such a model allows to represent most of the relevant web vulnerabilities. Aware that the driver of advances in reinforcement learning is the availability of standardized challenges, we provide an implementation for the first three abstraction layers, in the hope that the community would consider these challenges in order to develop intelligent web hacking agents.

中文翻译：

---

代理网络模型——为强化学习建模网络黑客

网站黑客攻击是恶意行为者用来获取机密信息、修改网页完整性或使网站不可用的常见攻击类型。攻击者使用的工具变得越来越自动化和复杂，恶意机器学习代理似乎是这方面的下一个发展方向。为了向道德黑客提供类似的工具，并了解人工代理的影响和局限性，我们在本文中提出了一个模型，该模型将强化学习代理的网络黑客任务形式化。我们的模型名为 Agent Web 模型，将网络黑客视为一种夺旗式挑战，并在七个不同的抽象层次上定义了强化学习问题。我们从代理必须处理的动作和状态的角度讨论这些问题的复杂性，我们展示了这样的模型可以代表大多数相关的网络漏洞。意识到强化学习进步的驱动力是标准化挑战的可用性，我们为前三个抽象层提供了一个实现，希望社区能够考虑这些挑战以开发智能网络黑客代理。