Microsoft has released as open source ‘CyberBattleSim’, a Python-based toolkit that serves as an enterprise environment simulator.
Microsoft has recently announced the open-source availability of the Python-based enterprise environment simulator named ‘CyberBattleSim.’
“CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based Open AI Gym interface allows for training of automated agents using reinforcement learning algorithms.” reads the project description. “The simulation environment is parameterized by a fixed network topology and a set of vulnerabilities that agents can utilize to move laterally in the network. The goal of the attacker is to take ownership of a portion of the network by exploiting vulnerabilities that are planted in the computer nodes.”
CyberBattleSim allows building a highly abstract simulation of the complexity of computer systems. Defenders can create their own challenges and use reinforcement learning to train autonomous agents to make decisions by interacting with their environment.
The agents are used to simulate the behavior of both attackers and defenders and to analyze how they evolve while operating in the simulated environment.
The simulator was designed to support the analysis of the operations of autonomous agents in a simulated enterprise environment using a high-level abstraction of computer networks and cybersecurity concepts. It allows training the agents through a Python-based OpenAI Gym interface.
CyberBattleSim focuses on the lateral movement phase of a cyber-attack within a simulated fixed network with predefined vulnerabilities that attackers can trigger. At the same time, a collection of defender agents attempts to detect the malicious activity and mitigate the attack, preventing the compromise.
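The kind of abstraction described above can be sketched as a toy environment. This is an added example, not CyberBattleSim code or its API: the node names, vulnerability ids, rewards and defender behavior are constructed assumptions, and the class only mirrors the Gym `reset()`/`step()` convention without importing Gym.

```python
import random

# Constructed topology (assumption, not CyberBattleSim data): each planted
# vulnerability maps (source node, vulnerability id) -> node gained by using it.
PLANTED = {
    ("client", "weak_share_password"): "fileserver",
    ("client", "cached_admin_token"): "webserver",
    ("fileserver", "reused_service_account"): "database",
    ("webserver", "config_leaks_db_creds"): "database",
}
NODES = sorted({s for s, _ in PLANTED} | set(PLANTED.values()))

class ToyLateralMovementEnv:
    """Gym-style reset()/step() loop over an abstract network (no real hosts)."""
    def __init__(self, goal_fraction=0.75, detect_prob=0.3, seed=0):
        self.goal = goal_fraction * len(NODES)   # nodes the attacker must own
        self.detect_prob = detect_prob           # chance the defender scans per step
        self.rng = random.Random(seed)

    def reset(self):
        self.owned = {"client"}                  # attacker's initial foothold
        return frozenset(self.owned)

    def step(self, action):
        source, vuln = action
        target = PLANTED.get((source, vuln))
        reward = -1                              # wasted or impossible action
        if source in self.owned and target and target not in self.owned:
            self.owned.add(target)
            reward = 10                          # new node owned
        done = len(self.owned) >= self.goal
        # Defender turn: scan one non-foothold node, re-image it if compromised.
        if not done and self.rng.random() < self.detect_prob:
            scanned = self.rng.choice([n for n in NODES if n != "client"])
            if scanned in self.owned:
                self.owned.discard(scanned)
                reward -= 5                      # attacker loses the node
        return frozenset(self.owned), reward, done, {}

def run_random_attacker(env, max_steps=200):
    """Baseline agent: picks planted vulnerabilities uniformly at random."""
    env.reset()
    actions, total = list(PLANTED), 0
    for t in range(1, max_steps + 1):
        _, reward, done, _ = env.step(env.rng.choice(actions))
        total += reward
        if done:
            return t, total
    return None, total
```

Raising `detect_prob` shows how defender activity stretches the episode length of the random baseline, which is the quantity a trained agent would be compared against.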
“To perform well, agents now must learn from observations that are not specific to the instance they are interacting with. They cannot just remember node indices or any other value related to the network size. They can instead observe temporal features or machine properties,” concludes the post published by Microsoft.
“A potential area for improvement is the realism of the simulation. The simulation in CyberBattleSim is simplistic, which has advantages: Its highly abstract nature prohibits direct application to real-world systems, thus providing a safeguard against potential nefarious use of automated agents trained with it.”
[Source: SecurityAffairs / 4.12.]