Development of a Hybrid LLM Agent Using Association Rules and the FP-Growth Algorithm to Predict MITRE ATT&CK Techniques

K. D. Gorbunov, S. E. Ivanov

Abstract


This paper presents an algorithm that automates penetration testing of information systems through the introduction of an LLM-based agent. The algorithm constructs an attack vector at the level of techniques that adversaries may execute, expressed in the MITRE ATT&CK framework notation. The algorithm’s accuracy is improved by incorporating information about related attacker techniques and by adding context about the target information system. Relationships between techniques were derived using association rules and the FP-Growth algorithm based on a dataset containing real-world cyberattack scenarios.
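The association-rule step named in the abstract can be sketched as follows. This is an added example, not the authors' code: the scenario sets are constructed sample data that use real ATT&CK technique IDs, and the names `fp_growth` and `predict_rules` and the support and confidence thresholds are assumptions.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample: each set holds the ATT&CK technique IDs seen in one scenario.
SCENARIOS = [
    {"T1566", "T1204", "T1059", "T1547"}, {"T1566", "T1204", "T1059", "T1003", "T1021"},
    {"T1190", "T1505", "T1059", "T1003"}, {"T1566", "T1204", "T1059", "T1486"},
    {"T1078", "T1021", "T1003", "T1486"}, {"T1190", "T1059", "T1003", "T1021"},
]

def fp_growth(weighted, min_count, suffix=frozenset()):
    """Yield (itemset, count) for every frequent itemset in [(items, weight), ...]."""
    freq = Counter()
    for items, w in weighted:
        freq.update(dict.fromkeys(items, w))
    freq = {i: c for i, c in freq.items() if c >= min_count}
    # FP-tree node = [item, count, parent, children]; links lists the nodes of each item.
    root, links = [None, 0, None, {}], defaultdict(list)
    for items, w in weighted:
        node = root
        for i in sorted((i for i in items if i in freq), key=lambda i: (-freq[i], i)):
            node = node[3].setdefault(i, [i, 0, node, {}])
            if node[1] == 0:  # count is still zero, so the node was just created
                links[i].append(node)
            node[1] += w
    for item, count in freq.items():
        yield suffix | {item}, count
        base = []  # conditional pattern base: prefix path of every node holding item
        for node in links[item]:
            path, p = [], node[2]
            while p[0] is not None:
                path.append(p[0])
                p = p[2]
            base.append((path, node[1]))
        yield from fp_growth(base, min_count, suffix | {item})

def predict_rules(scenarios, min_support=0.5, min_confidence=0.8):
    """Return (antecedent, consequent, support, confidence, lift), strongest first."""
    n = len(scenarios)
    counts = dict(fp_growth([(s, 1) for s in scenarios], min_support * n))
    rules = []
    for itemset, c in counts.items():
        for k in range(1, len(itemset)):
            for lhs in map(frozenset, combinations(sorted(itemset), k)):
                rhs, conf = itemset - lhs, c / counts[lhs]
                if conf >= min_confidence:
                    rules.append((sorted(lhs), sorted(rhs), c / n, conf, conf * n / counts[rhs]))
    return sorted(rules, key=lambda r: (-r[3], -r[4], r[0], r[1]))
```

Each returned rule reads "scenarios containing the antecedent techniques also contained the consequent", which is the kind of related-technique context the abstract describes supplying to the agent; on a test or detection-engineering team the same rules indicate which techniques to cover next once the antecedent has been observed.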




ISSN: 2307-8162