Microsoft has released an open source cyber-attack simulator that allows security and data researchers to create simulated network environments and see how to deal with cyber-intruders.
The simulator was released under the name "CyberBattleSim" and is built on a Python-based OpenAI Gym interface. It was created by the Microsoft 365 Defender Research team to model how a threat actor spreads laterally across a network after first gaining access.
The Microsoft 365 Defender Research Team explains in a new blog post:
The environment consists of a network of computer nodes. It is configured by a fixed network topology and a set of predefined vulnerabilities that an attacker can exploit to move sideways through the network.
The goal of the simulated intruder is to take ownership of part of the network by exploiting these planted vulnerabilities. "While the intruder simulator moves through the network, a defense systems researcher monitors the activity of the network to detect the presence of the intruder and repel the attack."
To create their simulated environment, the researchers define the various nodes in the network and specify which services run on each node, the vulnerabilities those services carry, and how each device is protected.
They then develop automated attacker agents (threat agents) that choose random actions to perform against the various nodes in order to take control of them.
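As an added illustration, not code from CyberBattleSim or the Microsoft post, the setup described above (a fixed topology with planted vulnerabilities, an attacker that owns nodes and picks random actions, and a defender that sees alerts) modelled as a tiny Gym-style environment; the node names, vulnerability labels and alert probabilities are constructed.

```python
import random

# Constructed toy topology (hypothetical; not the CyberBattleSim API): each
# owned node exposes named vulnerabilities, the nodes they lead to, and the
# chance that the defender's monitoring raises an alert when one is used.
TOPOLOGY = {
    "workstation": {"leaked-ssh-key": {"targets": ["fileserver"], "alert_prob": 0.2}},
    "fileserver": {"shared-admin-creds": {"targets": ["dbserver"], "alert_prob": 0.6}},
    "dbserver": {},
}

class LateralMovementSim:
    """Gym-style environment: reset() and step(action) -> (owned, reward, done)."""
    def __init__(self, topology, entry="workstation", max_steps=25, seed=0):
        self.topology, self.entry, self.max_steps = topology, entry, max_steps
        self.rng = random.Random(seed)
        self.reset()

    def reset(self):
        self.owned = {self.entry}   # attacker's initial foothold
        self.alerts = []            # defender's view: (step, node, vuln)
        self.steps = 0
        return frozenset(self.owned)

    def available_actions(self):
        # The attacker can only use vulnerabilities on nodes it already owns.
        return [(n, v) for n in sorted(self.owned) for v in sorted(self.topology[n])]

    def step(self, action):
        node, vuln = action
        if node not in self.owned or vuln not in self.topology[node]:
            raise ValueError(f"illegal action {action}")
        self.steps += 1
        spec = self.topology[node][vuln]
        newly_owned = set(spec["targets"]) - self.owned
        self.owned |= newly_owned
        if self.rng.random() < spec["alert_prob"]:   # defender's detection roll
            self.alerts.append((self.steps, node, vuln))
        done = self.owned == set(self.topology) or self.steps >= self.max_steps
        return frozenset(self.owned), len(newly_owned), done

def run_random_attacker(sim):
    """Random-action agent, as in the post; returns (owned, alert_count, total_reward)."""
    owned, done, total = sim.reset(), False, 0
    while not done and sim.available_actions():
        owned, reward, done = sim.step(sim.rng.choice(sim.available_actions()))
        total += reward
    return set(owned), len(sim.alerts), total
```

The alert list is what a defender-side agent would be trained against; raising `alert_prob` on a node is the modelling equivalent of adding monitoring there.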
While many of these activities may trigger alerts in an XDR or SIEM system, Microsoft hopes that the security community can use this simulator to better understand how AI can analyze post-breach movements and better defend a network.
"With CyberBattleSim, we are simply scratching the surface of what we believe is a huge potential for implementing safety-enhancing learning. We invite researchers and data scientists to leverage our experimentation. We are excited to see this project expand and inspire new innovative ways of approaching security issues." - Microsoft.