NORMA eResearch @NCI Library

Evaluating the Effectiveness of OpenAI a Dedicated Penetration Testing Chatbot in a Comparative Analysis of AI-Assisted and Manual Workflows

Vargas Bocanegra, Erik Raúl (2024) Evaluating the Effectiveness of OpenAI a Dedicated Penetration Testing Chatbot in a Comparative Analysis of AI-Assisted and Manual Workflows. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
Preview
PDF (Master of Science)
Download (1MB) | Preview
[thumbnail of Configuration Manual]
Preview
PDF (Configuration Manual)
Download (1MB) | Preview

Abstract

Penetration testing, a fundamental cybersecurity practice, traditionally involves manual methods that require skilled professionals to identify and exploit system weaknesses. While effective, these manual approaches can be time-consuming. Recent advancements in Large Language Models, such as the OpenAI GPT series, offer a promising hybrid solution that combines automation efficiency with human precision. This study explores the integration of LLM-powered chatbots into penetration testing workflows, focusing on their effectiveness, efficiency, and usability. Through a comparative analysis of manual and chatbot-assisted workflows on retired Hack The Box (HTB) virtual machines, this research measures detection accuracy, false positive rates, task completion time, and exploitation success rates. Chatbot-assisted workflows exhibited higher detection accuracy (93% vs. 85%), lower false positive rates (9% vs. 14%), and significantly faster task completion times (28% reduction). Qualitative feedback highlighted the chatbot’s adaptability and iterative guidance, although limitations in handling novel vulnerabilities and domain-specific questions were observed. The findings suggest that LLM-based tools can significantly enhance penetration testing, especially for routine and structured tasks. However, human expertise remains essential for complex, non-standard scenarios. This research underscores the transformative potential of LLMs in advancing cybersecurity practices.

Item Type: Thesis (Masters)
Supervisors:
Name
Email
Spelman, Ross
UNSPECIFIED
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QH Natural history > QH301 Biology > Methods of research. Technique. Experimental biology > Data processing. Bioinformatics > Artificial intelligence
Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Artificial intelligence
P Language and Literature > P Philology. Linguistics > Computational linguistics. Natural language processing
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 28 Jul 2025 14:59
Last Modified: 28 Jul 2025 14:59
URI: https://norma.ncirl.ie/id/eprint/8274

Actions (login required)

View Item View Item