Microsoft has released an open source cyber-attack simulator that allows security and data researchers to create simulated network environments and see how to deal with cyber-intruders.
The simulator was released under the name "CyberBattleSim" and was built in Python with an OpenAI Gym interface. It was created by the Microsoft 365 Defender Research team to model how a threat actor spreads laterally across a network after the initial compromise.
The Microsoft 365 Defender Research Team explains in a new blog post:
The environment consists of a network of computer nodes. It is configured by a fixed network topology and a set of predefined vulnerabilities that an attacker can exploit to move sideways through the network.
The goal of the simulated intruder is to take ownership of part of the network, exploiting these planted vulnerabilities. "While the simulated intruder moves through the network, a defense systems researcher monitors the activity of the network to detect the presence of the intruder and repel the attack."
To create their simulated environment, the researchers define the various nodes in the network and specify the services running on each node, their vulnerabilities, and how the devices are protected.
They then develop automated cyber agents (threat agents) that select random actions to perform against the various nodes in order to take control of them.
Although many of these activities may trigger alerts in an XDR or SIEM system, Microsoft hopes that the security community can use this simulator to better understand how AI can analyze post-breach movements and better defend a network.
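The environment described above (a fixed topology, planted vulnerabilities, and an agent choosing random actions) can be expressed as a Gym-style reset/step loop. This is an added example, not CyberBattleSim code or its API; the node names, vulnerability labels, and the ToyNetworkEnv class are constructed for illustration, and every failed attempt is counted as an event a defender could alert on.

```python
import random

# Constructed topology: each node has one planted vulnerability and outgoing links.
# All names are hypothetical and unrelated to CyberBattleSim's own API.
NETWORK = {
    "client":    {"vuln": "phish",        "links": ["web", "fileshare"]},
    "web":       {"vuln": "weak_cred",    "links": ["db"]},
    "fileshare": {"vuln": "leaked_token", "links": ["db"]},
    "db":        {"vuln": "weak_cred",    "links": []},
}
ACTIONS = ["phish", "weak_cred", "leaked_token", "port_scan"]

class ToyNetworkEnv:
    """Gym-style reset()/step() over a fixed topology with planted vulnerabilities."""
    def __init__(self, network, foothold="client"):
        self.network, self.foothold = network, foothold
        self.reset()

    def reset(self):
        self.owned = {self.foothold}   # the simulation starts post-breach
        self.alerts = 0                # events visible to the defender
        return frozenset(self.owned)

    def reachable(self):
        # Nodes linked from an owned node that are not yet owned.
        linked = {n for o in self.owned for n in self.network[o]["links"]}
        return sorted(linked - self.owned)

    def step(self, target, action):
        # Only the planted vulnerability on a reachable node succeeds.
        if target in self.reachable() and self.network[target]["vuln"] == action:
            self.owned.add(target)
            reward = 1
        else:
            self.alerts += 1           # a failed attempt is an alertable event
            reward = -1
        done = len(self.owned) == len(self.network)
        return frozenset(self.owned), reward, done

def run_random_agent(seed, max_steps=200):
    """Random agent: returns (steps taken, alerts raised) for one episode."""
    rng = random.Random(seed)
    env = ToyNetworkEnv(NETWORK)
    for steps in range(1, max_steps + 1):
        target = rng.choice(env.reachable())
        _, _, done = env.step(target, rng.choice(ACTIONS))
        if done:
            return steps, env.alerts
    return max_steps, env.alerts
```

Comparing the alert count of a random agent against a trained one over many seeds gives a simple measure of how much detectable noise each policy produces before the network is fully owned.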
“With CyberBattleSim, we're just scratching the surface of what we believe is enormous potential for applying reinforcement learning in security. We invite researchers and data scientists to leverage our experimentation. We are excited to see this project expand and inspire new innovative ways to approach security problems.” – Microsoft.