Microsoft has released an open source cyber-attack simulator that allows security and data researchers to create simulated network environments and see how to deal with cyber-intruders.
The simulator was released under the name "CyberBattleSim" and is built on an OpenAI Gym-based Python interface. It was created by the Microsoft 365 Defender Research team to model how a threat agent spreads laterally through a network after its initial foothold.
The Microsoft 365 Defender Research Team explains in a new blog post:
"The environment consists of a network of computer nodes. It is configured by a fixed network topology and a set of predefined vulnerabilities that an attacker can exploit to move sideways through the network.
The goal of the simulated attacker is to take ownership of some part of the network by exploiting these planted vulnerabilities. While the simulated attacker moves through the network, a defensive-systems researcher monitors the network activity to detect the attacker's presence and repel the attack."
To build the simulated environment, the researchers define the nodes of the network and, for each node, the services it runs, the vulnerabilities it carries, and the protections applied to it.
They then develop automated cyber agents (threat agents) that choose random actions to perform against the various nodes in order to take control of them.
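As an added illustration of the setup just described (this is not code from the article and not CyberBattleSim's own API), the following self-contained Python toy models a network of nodes with services and planted vulnerabilities, an attacker agent that picks random actions from the nodes it already owns, and a defender that observes exploit attempts with some probability and reimages a node once its alert count crosses a threshold. The topology, node names, vulnerability ids and probabilities are all constructed for the example.

```python
"""Toy lateral-movement simulation in the spirit of CyberBattleSim.

Illustrative only: an assumed, hand-built environment, not CyberBattleSim's
API. The network, vulnerability ids and probabilities are constructed.
"""
from __future__ import annotations

import random
from dataclasses import dataclass, field


@dataclass
class Node:
    """A host in the simulated network.

    `vulns` maps a planted vulnerability id to the node it grants a foothold on,
    i.e. the lateral move that exploiting it enables.
    """
    name: str
    services: list[str]
    vulns: dict[str, str]


def build_network() -> dict[str, Node]:
    """Constructed sample topology (not from the article). 'isolated' has no
    planted path leading to it, so a random agent can never own it."""
    return {
        "client": Node("client", ["browser"], {"leaked-ssh-key": "webserver"}),
        "webserver": Node("webserver", ["http", "ssh"], {"reused-db-password": "database"}),
        "database": Node("database", ["sql"], {"shared-admin-cred": "fileserver"}),
        "fileserver": Node("fileserver", ["smb"], {}),
        "isolated": Node("isolated", ["sql"], {}),
    }


@dataclass
class Episode:
    """Outcome of one simulated run: nodes the attacker owns at the end, alerts
    the defender raised per node, and how many reimaging actions were taken."""
    owned: set[str]
    alerts: dict[str, int] = field(default_factory=dict)
    reimaged: int = 0


def run_episode(steps: int, seed: int, detection_prob: float,
                alert_threshold: int, entry: str = "client") -> Episode:
    """Run a random attacker agent against the defender for `steps` actions."""
    net = build_network()
    rng = random.Random(seed)  # seeded so a run is reproducible
    ep = Episode(owned={entry})
    for _ in range(steps):
        # Attacker agent: pick a random owned node and a random planted
        # vulnerability on it; exploiting it grants ownership of the target.
        src = rng.choice(sorted(ep.owned))
        if not net[src].vulns:
            continue
        vuln = rng.choice(sorted(net[src].vulns))
        target = net[src].vulns[vuln]
        ep.owned.add(target)
        # Defender: each exploit attempt is observed with probability
        # detection_prob; enough alerts on a node get it reimaged, which
        # removes the attacker's foothold there (the entry node is kept,
        # since it represents the initial compromise).
        if rng.random() < detection_prob:
            ep.alerts[target] = ep.alerts.get(target, 0) + 1
            if ep.alerts[target] >= alert_threshold and target != entry:
                ep.owned.discard(target)
                ep.reimaged += 1
    return ep


def ownership_fraction(ep: Episode) -> float:
    """Share of the network the attacker holds at the end of the episode."""
    return len(ep.owned) / len(build_network())


if __name__ == "__main__":
    blind = run_episode(steps=500, seed=7, detection_prob=0.0, alert_threshold=1)
    watched = run_episode(steps=500, seed=7, detection_prob=1.0, alert_threshold=1)
    print("no detection :", sorted(blind.owned), ownership_fraction(blind))
    print("full detection:", sorted(watched.owned), "reimaged", watched.reimaged)
```

With detection switched off, the random agent eventually walks the whole planted chain client -> webserver -> database -> fileserver but never reaches the node with no planted path; with every attempt detected and a threshold of one alert, each foothold is reimaged as soon as it is gained and the attacker never holds more than the entry node. Varying `detection_prob` and `alert_threshold` is the knob a researcher turns to compare defender strategies against the same attacker.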
While many of these activities may trigger alerts in an XDR or SIEM system, Microsoft hopes that the security community can use this simulator to better understand how AI can analyze post-breach movements and better defend a network.
"With CyberBattleSim, we are simply scratching the surface of what we believe is a huge potential for implementing safety-enhancing learning. We invite researchers and data scientists to leverage our experimentation. We are excited to see this project expand and inspire new innovative ways of approaching security issues." - Microsoft.
