An experimentation and research platform for investigating the interaction of automated agents in abstract simulated network environments.

Overview

CyberBattleSim

April 8th, 2021: See the announcement on the Microsoft Security Blog.

CyberBattleSim is an experimentation and research platform for investigating the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based OpenAI Gym interface allows automated agents to be trained using reinforcement learning algorithms.

The simulation environment is parameterized by a fixed network topology and a set of vulnerabilities that agents can use to move laterally through the network. The goal of the attacker is to take ownership of a portion of the network by exploiting vulnerabilities that are planted in the computer nodes. While the attacker attempts to spread throughout the network, a defender agent watches the network activity, tries to detect any attack taking place, and mitigates the impact on the system by evicting the attacker. We provide a basic stochastic defender that detects and mitigates ongoing attacks based on pre-defined probabilities of success. We implement mitigation by re-imaging the infected nodes, a process abstractly modeled as an operation spanning multiple simulation steps.

To compare the performance of the agents, we look at two metrics: the number of simulation steps taken to attain their goal, and the cumulative reward over simulation steps across training epochs.
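
For illustration only (this is not the project's benchmarking code), the sketch below tallies both metrics over a handful of episodes. It assumes the CyberBattleChain-v0 environment shown later in this README and a sample_valid_action() helper on the environment for drawing a random valid action; in practice you would substitute your agent's policy.

# Hedged sketch: tally steps-to-goal and cumulative reward per episode.
# Assumes the 'CyberBattleChain-v0' environment registered by this project and
# an env.sample_valid_action() helper (replace it with your agent's policy).
import gym
import cyberbattle._env.cyberbattle_env  # importing also registers the CyberBattle* environments

env = gym.make('CyberBattleChain-v0', size=10)

steps_to_goal, cumulative_rewards = [], []
for episode in range(5):
    env.reset()
    total_reward, step, done = 0.0, 0, False
    while not done and step < 500:
        action = env.sample_valid_action()      # random valid action (assumed helper)
        _, reward, done, _ = env.step(action)
        total_reward += reward
        step += 1
    steps_to_goal.append(step)
    cumulative_rewards.append(total_reward)

print('steps to goal per episode:', steps_to_goal)
print('cumulative reward per episode:', cumulative_rewards)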

Project goals

We view this project as an experimentation platform to conduct research on the interaction of automated agents in abstract simulated network environments. By open-sourcing it, we hope to encourage the research community to investigate how cyber-agents interact and evolve in such network environments.

The simulation we provide is admittedly simplistic, but this has advantages. Its highly abstract nature prevents direct application to real-world systems, providing a safeguard against potential nefarious use of automated agents trained with it. At the same time, its simplicity lets us focus on the specific security aspects we aim to study and quickly experiment with recent machine learning and AI algorithms.

For instance, the current implementation focuses on lateral movement cyber-attack techniques, with the hope of understanding how network topology and configuration affect them. With this goal in mind, we felt that modeling actual network traffic was not necessary. This is just one example of a significant limitation in our system that future contributions might want to address.

On the algorithmic side, we provide some basic agents as starting points, but we would be curious to find out how state-of-the-art reinforcement learning algorithms compare to them. We found that the large action space intrinsic to any computer system is a particular challenge for reinforcement learning, in contrast to other applications such as video games or robot control. Training agents that can store and retrieve credentials is another challenge faced when applying RL techniques, where agents typically do not feature internal memory. These are other areas of research where the simulation could be used for benchmarking purposes.
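
To get a concrete feel for the size of that action space, you can inspect the Gym spaces of an instantiated environment. This is a minimal sketch, assuming the chain environment described later in this README:

# Hedged sketch: inspect the composite action and observation spaces.
import gym
import cyberbattle._env.cyberbattle_env  # importing also registers the CyberBattle* environments

env = gym.make('CyberBattleChain-v0', size=10)
print(env.action_space)       # composite space covering local/remote/connect attacker actions
print(env.observation_space)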

Other areas of interest include the responsible and ethical use of autonomous cyber-security systems: How to design an enterprise network that gives an intrinsic advantage to defender agents? How to conduct safe research aimed at defending enterprises against autonomous cyber-attacks while preventing nefarious use of such technology?

Documentation

Read the Quick introduction to the project.

Build status

Type           Branch   Status
CI             master   .github/workflows/ci.yml
Docker image   master   .github/workflows/build-container.yml

Benchmark

See Benchmark.

Setting up a dev environment

It is strongly recommended to work under a Linux environment, either directly or via WSL on Windows. Running Python on Windows directly should work but is not supported anymore.

Start by checking out the repository:

git clone https://github.com/microsoft/CyberBattleSim.git

On Linux or WSL

The instructions were tested on a Linux Ubuntu distribution (both native and via WSL). Run the following command to set up your dev environment and install all the required dependencies (apt and pip packages):

./init.sh

The script installs python3.8 if not present. If you are running a version of Ubuntu older than 20, it will automatically add an additional apt repository to install python3.8.

The script will create a virtual Python environment under a venv subdirectory; you can then run Python with venv/bin/python.

Note: If you prefer to use a globally installed Python instead of a virtual environment, you can skip the creation of the virtual environment by running the script with ./init.sh -n. This will instead install all the Python packages into a system-wide installation of Python 3.8.

Windows Subsystem for Linux

The supported dev environment on Windows is via WSL. You first need to install an Ubuntu WSL distribution on your Windows machine, and then proceed with the Linux instructions (next section).

Git authentication from WSL

To authenticate with Git, you can either use SSH-based authentication or use the credential-helper trick to automatically generate a personal access token (PAT). The latter can be done by running the following command under WSL (more info here):

git config --global credential.helper "/mnt/c/Program\ Files/Git/mingw64/libexec/git-core/git-credential-manager.exe"

Docker on WSL

To run your environment within a Docker container, we recommend running Docker via the Windows Subsystem for Linux (WSL) using the following instructions: Installing Docker on Windows under WSL.

Windows (unsupported)

This method is no longer maintained; prefer running under a WSL Linux environment instead. If you insist, start by installing Python 3.8, then run the ./init.ps1 script from a PowerShell prompt.

Getting started quickly using Docker

The quickest method to get up and running is via the Docker container.

NOTE: For licensing reasons, we do not publicly redistribute any build artifact. In particular, the docker registry spinshot.azurecr.io referred to in the commands below is kept private to the project maintainers only.

As a workaround, you can recreate the docker image yourself using the provided Dockerfile, publish the resulting image to your own docker registry and replace the registry name in the commands below.

Running from Docker registry

commit=7c1f8c80bc53353937e3c69b0f5f799ebb2b03ee
docker login spinshot.azurecr.io
docker pull spinshot.azurecr.io/cyberbattle:$commit
docker run -it spinshot.azurecr.io/cyberbattle:$commit cyberbattle/agents/baseline/run.py

Recreating the Docker image

docker build -t cyberbattle:1.1 .
docker run -it -v "$(pwd)":/source --rm cyberbattle:1.1 cyberbattle/agents/baseline/run.py

Check your environment

Run the following command to launch a simulation with a baseline RL agent:

python cyberbattle/agents/baseline/run.py --training_episode_count 1 --eval_episode_count 1 --iteration_count 10 --rewardplot_width 80 --chain_size=20 --ownership_goal 1.0

If everything is set up correctly you should get an output that looks like this:

torch cuda available=True
###### DQL
Learning with: episode_count=1,iteration_count=10,ϵ=0.9,ϵ_min=0.1, ϵ_expdecay=5000,γ=0.015, lr=0.01, replaymemory=10000,
batch=512, target_update=10
  ## Episode: 1/1 'DQL' ϵ=0.9000, γ=0.015, lr=0.01, replaymemory=10000,
batch=512, target_update=10
Episode 1|Iteration 10|reward:  139.0|Elapsed Time: 0:00:00|###################################################################|
###### Random search
Learning with: episode_count=1,iteration_count=10,ϵ=1.0,ϵ_min=0.0,
  ## Episode: 1/1 'Random search' ϵ=1.0000,
Episode 1|Iteration 10|reward:  194.0|Elapsed Time: 0:00:00|###################################################################|
simulation ended
Episode duration -- DQN=Red, Random=Green
   10.00  ┼
Cumulative rewards -- DQN=Red, Random=Green
  194.00  ┼      ╭──╴
  174.60  ┤      │
  155.20  ┤╭─────╯
  135.80  ┤│     ╭──╴
  116.40  ┤│     │
   97.00  ┤│    ╭╯
   77.60  ┤│    │
   58.20  ┤╯ ╭──╯
   38.80  ┤  │
   19.40  ┤  │
    0.00  ┼──╯

Jupyter notebooks

To quickly get familiar with the project, you can open one of the provided Jupyter notebooks to play interactively with the gym environments. Just start jupyter with jupyter notebook, or venv/bin/jupyter notebook if you are using a virtual environment setup.

How to instantiate the Gym environments?

The following code shows how to create an instance of the OpenAI Gym environment CyberBattleChain-v0, an environment based on a chain-like network structure with 10 nodes (size=10), where the agent's goal is to either gain full ownership of the network (own_atleast_percent=1.0) or break the 80% network availability SLA (maintain_sla=0.80), while the network is being monitored and protected by the basic probabilistically-modelled defender (defender_agent=ScanAndReimageCompromisedMachines):

import gym
import cyberbattle._env.cyberbattle_env  # importing also registers the CyberBattle* environments
from cyberbattle._env.cyberbattle_env import AttackerGoal, DefenderConstraint
# Note: the defender agent import path below is assumed; adjust it if your version differs.
from cyberbattle._env.defender import ScanAndReimageCompromisedMachines

cyberbattlechain_defender = gym.make(
    'CyberBattleChain-v0',
    size=10,
    attacker_goal=AttackerGoal(
        own_atleast=0,
        own_atleast_percent=1.0
    ),
    defender_constraint=DefenderConstraint(
        maintain_sla=0.80
    ),
    defender_agent=ScanAndReimageCompromisedMachines(
        probability=0.6,
        scan_capacity=2,
        scan_frequency=5))
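
Once created, the environment can be driven like any other Gym environment. The loop below is only a usage sketch: sample_valid_action() is assumed to be the helper CyberBattleSim exposes for drawing a random valid action (substitute your agent's policy), and render() is assumed to plot the network explored so far.

# Hedged usage sketch for the environment created above.
observation = cyberbattlechain_defender.reset()
for _ in range(20):
    action = cyberbattlechain_defender.sample_valid_action()   # assumed helper; use your agent here
    observation, reward, done, info = cyberbattlechain_defender.step(action)
    if done:
        break
cyberbattlechain_defender.render()   # assumed to plot the currently-discovered network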

To try other network topologies, follow the example of chainpattern.py to define your own set of machines and vulnerabilities, then add an entry in the module initializer to declare and register the Gym environment.
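
For reference, a plain OpenAI Gym registration looks like the sketch below. This only illustrates the mechanism: the project's module initializer uses its own registration helper and entry point, so the id, entry point and kwargs shown here are placeholders rather than the actual values.

# Hypothetical registration sketch (placeholders, not the project's actual call).
from gym.envs.registration import register

register(
    id='CyberBattleMyTopology-v0',                                  # placeholder environment id
    entry_point='cyberbattle._env.cyberbattle_env:CyberBattleEnv',  # assumed environment class path
    kwargs={},                                                      # pass your topology and parameters here
)

Once registered, the new environment can be instantiated with gym.make just like CyberBattleChain-v0.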

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Ideas for contributions

Here are some ideas for contributions: enhance the simulation (event-based simulation, more refined modeling, …), train an RL algorithm on the existing simulation, implement benchmarks to evaluate and compare agents, add more network generation modes to train RL agents on, contribute to the documentation, fix bugs.

See also the wiki for more ideas.

Citing this project

@misc{msft:cyberbattlesim,
  Author = {Microsoft Defender Research Team.},
  Note = {Created by Christian Seifert, Michael Betser, William Blum, James Bono, Kate Farris, Emily Goren, Justin Grana, Kristian Holsheimer, Brandon Marken, Joshua Neil, Nicole Nichols, Jugal Parikh, Haoran Wei.},
  Publisher = {GitHub},
  Howpublished = {\url{https://github.com/microsoft/cyberbattlesim}},
  Title = {CyberBattleSim},
  Year = {2021}
}

Note on privacy

This project does not include any customer data. The provided models and network topologies are purely fictitious. Users of the provided code provide all the input to the simulation and must have the necessary permissions to use any provided data.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos is subject to those third parties' policies.

Comments
  • Play the environment with other RL algorithms

    Hi everyone, I'm interested in how the environment in this project performs under other reinforcement algorithms. But I'm new to reinforcement learning and not yet capable of implementing other reinforcement learning algorithms on my own. I noticed that algorithms such as Q-Learning and DQN have been implemented in the baselines directory. And the definition of the environment is quite different from some basic gym environments (e.g. CartPole), which made it difficult for me to understand. I wonder if it is possible to implement different RL algorithms in the environments of this project with the help of some RL algorithm libraries? (e.g. Stable-Baselines3, Keras-rl) I would greatly appreciate the help. Thank you

    opened by Screamer-Y 9
  • environment_generation.py not working properly

    Environment instantiated with create_random_environment() from environment_generation.py is not working properly.

    Minimal code:

    from cyberbattle.simulation.environment_generation import create_random_environment
    import cyberbattle.simulation.commandcontrol as commandcontrol
    
    env = create_random_environment('test', 10)
    c2 = commandcontrol.CommandControl(env)
    c2.print_all_attacks()
    

    Exception:

    ---------------------------------------------------------------------------
    AssertionError                            Traceback (most recent call last)
    <ipython-input-3-b4d0a458d7ea> in <module>
          4 env = create_random_environment('test', 10)
          5 c2 = commandcontrol.CommandControl(env)
    ----> 6 c2.print_all_attacks()
    
    ~/Documents/wrk/rrl/CyberBattleSim/notebooks/../cyberbattle/simulation/commandcontrol.py in print_all_attacks(self)
        101     def print_all_attacks(self) -> None:
        102         """Pretty print list of all possible attacks from all the nodes currently owned by the attacker"""
    --> 103         return self._actuator.print_all_attacks()
        104 
        105     def run_attack(self,
    
    ~/Documents/wrk/rrl/CyberBattleSim/notebooks/../cyberbattle/simulation/actions.py in print_all_attacks(self)
        542     def print_all_attacks(self) -> None:
        543         """Pretty print list of all possible attacks from all the nodes currently owned by the attacker"""
    --> 544         d.display(pd.DataFrame.from_dict(self.list_all_attacks()))  # type: ignore
        545 
        546 
    
    ~/Documents/wrk/rrl/CyberBattleSim/notebooks/../cyberbattle/simulation/actions.py in list_all_attacks(self)
        525     def list_all_attacks(self) -> List[Dict[str, object]]:
        526         """List all possible attacks from all the nodes currently owned by the attacker"""
    --> 527         on_owned_nodes: List[Dict[str, object]] = [
        528             {'id': n['id'],
        529              'status': n['status'],
    
    ~/Documents/wrk/rrl/CyberBattleSim/notebooks/../cyberbattle/simulation/actions.py in <listcomp>(.0)
        530              'properties': self._environment.get_node(n['id']).properties,
        531              'local_attacks': self.list_local_attacks(n['id']),
    --> 532              'remote_attacks': self.list_remote_attacks(n['id'])
        533              }
        534             for n in self.list_nodes() if n['status'] == 'owned']
    
    ~/Documents/wrk/rrl/CyberBattleSim/notebooks/../cyberbattle/simulation/actions.py in list_remote_attacks(self, node_id)
        507     def list_remote_attacks(self, node_id: model.NodeID) -> List[model.VulnerabilityID]:
        508         """Return list of all remote attacks that may be executed onto the specified node."""
    --> 509         attacks: List[model.VulnerabilityID] = self.list_vulnerabilities_in_target(
        510             node_id, model.VulnerabilityType.REMOTE)
        511         return attacks
    
    ~/Documents/wrk/rrl/CyberBattleSim/notebooks/../cyberbattle/simulation/actions.py in list_vulnerabilities_in_target(self, target, type_filter)
        149         target_node_data: model.NodeInfo = self._environment.get_node(target)
        150 
    --> 151         global_vuln: Set[model.VulnerabilityID] = {
        152             vuln_id
        153             for vuln_id, vulnerability in self._environment.vulnerability_library.items()
    
    ~/Documents/wrk/rrl/CyberBattleSim/notebooks/../cyberbattle/simulation/actions.py in <setcomp>(.0)
        153             for vuln_id, vulnerability in self._environment.vulnerability_library.items()
        154             if (type_filter is None or vulnerability.type == type_filter)
    --> 155             and self._check_prerequisites(target, vulnerability)
        156         }
        157 
    
    ~/Documents/wrk/rrl/CyberBattleSim/notebooks/../cyberbattle/simulation/actions.py in _check_prerequisites(self, target, vulnerability)
        131         mapping = {i: ALGEBRA.TRUE if str(i) in node_flags else ALGEBRA.FALSE for i in expr.get_symbols()}
        132 
    --> 133         is_true: bool = cast(boolean.Expression, expr.subs(mapping)).simplify() == ALGEBRA.TRUE
        134         return is_true
        135 
    
    ~/miniconda3/envs/cyberbattle/lib/python3.8/site-packages/boolean/boolean.py in simplify(self, sort)
       1185         # Create new instance of own class with canonical args.
       1186         # TODO: Only create new class if some args changed.
    -> 1187         expr = self.__class__(*args)
       1188 
       1189         # Literalize before doing anything, this also applies De Morgan's Law
    
    ~/miniconda3/envs/cyberbattle/lib/python3.8/site-packages/boolean/boolean.py in __init__(self, arg1, arg2, *args)
       1466 
       1467     def __init__(self, arg1, arg2, *args):
    -> 1468         super(AND, self).__init__(arg1, arg2, *args)
       1469         self.identity = self.TRUE
       1470         self.annihilator = self.FALSE
    
    ~/miniconda3/envs/cyberbattle/lib/python3.8/site-packages/boolean/boolean.py in __init__(self, arg1, arg2, *args)
       1132 
       1133     def __init__(self, arg1, arg2, *args):
    -> 1134         super(DualBase, self).__init__(arg1, arg2, *args)
       1135 
       1136         # identity element for the specific operation.
    
    ~/miniconda3/envs/cyberbattle/lib/python3.8/site-packages/boolean/boolean.py in __init__(self, *args)
        943         self.operator = None
        944 
    --> 945         assert all(isinstance(arg, Expression) for arg in args), \
        946             'Bad arguments: all arguments must be an Expression: %r' % (args,)
        947         self.args = tuple(args)
    
    AssertionError: Bad arguments: all arguments must be an Expression: (FALSE, <class 'boolean.boolean._TRUE'>)
    

    I have traced the error to this potential_linux_vulns:

        "SudoCaching":
        model.VulnerabilityInfo(
            description="Escalating privileges from poorly configured sudo on linux/unix machines",
            type=model.VulnerabilityType.REMOTE,
            URL="https://attack.mitre.org/techniques/T1206/",
            precondition=model.Precondition(f"Linux&(~{ADMINTAG})"),
            outcome=model.AdminEscalation(),
            rates=model.Rates(0, 1.0, 1.0))
    

    The precondition is translated into AND(FALSE, NOT(FALSE)) which fails to be simplified with the boolean library. The used workaround in actions.py (from https://github.com/bastikr/boolean.py/issues/82) does not help:

    ALGEBRA.TRUE.dual = type(ALGEBRA.FALSE)
    ALGEBRA.FALSE.dual = type(ALGEBRA.TRUE)
    
    bug 
    opened by jaromiru 9
  • The repeated discovery of the same node via different methods leads to reward

    I noticed by generating a random CyberBattleRandom-v0 environment and using the agent with random actions, that if the same node is discovered with different methods (e.g., traceroute / shared files) it leads to a repeated reward.

    This seems like incorrect behaviour, because this way the agent is incentivized to repeatedly discover the same nodes with different actions.

    bug enhancement 
    opened by jaromiru 9
  • The instructions are incomplete or the project dependencies are not correct.

    Branch: master

    Expected the following to produce output indicating the project is running:

    docker build -t cyberbattle:1.1 .
    docker run -it -v "$(pwd)":/source --rm cyberbattle:1.1 cyberbattle/agents/baseline/run.py

    Resulted in:

    Traceback (most recent call last):
      File "cyberbattle/agents/baseline/run.py", line 16, in <module>
        import torch
    ModuleNotFoundError: No module named 'torch'

    opened by scsarver 9
  • data['kind'] missing & unexpected red agent behaviour

    Hi,

    I have modified the environment to include additional nodes / vulns / attack vectors, keeping things mostly the same with respect to environment generation; graph = graph.add_edge[(s, t), (port)] which models fine and AIGym seems happy with the change. The only difference in network generation is that I am using an erdos-renyi generator instead of the nx.stochastic_block_model included in environment_generation.py

    The issue is that when running the simulation, I'm met with two unexpected behaviors:

    1. KeyError: 'kind' from commandcontrol.py.

    This appears to fail randomly on certain nodes, but with no obvious pattern. For example, one play-through fails when data['kind'] from node 6 to node 3 is missing (default nodes, not ones I have added), which in turn ends the simulation. Edit: just to add, I guess I'm asking if there are any instances where a node wouldn't be assigned an EdgeAnnotation, or is it likely something I've done that has broken something / not accounted for a change. This only seems to be an issue with the rendering of the network in network_as_plotly_traces(_) in cyberbattle_env.py and doesn't appear to affect the game.

    2. Red agent can try to exploit RDP / SMB in targets that it shouldn't be able to

    It seems that the attacker can try to exploit nodes it shouldn't be able to see. In the network, one node is selected to be a pivot point between other networks, this node has a single vulnerability allowing the pivot, with firewall settings set to block all. The red agent still appears to be able to scan this node for SMB / RDP from any node, and assigns them each EdgeAnnotation.REMOTE, which shouldn't be considered valid moves.

    Any advice on where to look would be greatly appreciated,

    Thanks

    bug 
    opened by Dawn-RL 8
  • Issues with random graph

    Hi, I am working on generating the random graph and I found some logical issues with the random graph generation design (maybe).

    1. First, I think the add_leak_neighbors_vulnerability function in generate_network.py should not return library directly. Since it is a global dictionary, using it to assign the vulnerability will make all nodes share the same vulnerability outcomes, which is not reasonable. It can be fixed by returning copy.deepcopy(library) instead.
    2. Here the nodes other than the entry node are iteratively assigned vulnerabilities and services. However, some nodes may be assigned empty services before their corresponding access passwords are generated in assigned_passwords. I fixed this issue simply by repeating the loop.

    I am not familiar with network attacks, so would it be convenient for you to check whether these edits are right? Thanks a lot.

    bug 
    opened by sherdencooper 8
  • Error Running Notebooks `NetworkXError: random_state_index is incorrect`

    This applies to several notebooks but using randomnetwork.ipynb as the example

    Running the first two cells results in a couple of errors.

    Cell contents

    traffic = g.generate_random_traffic_network(
        seed=1, n_clients=50, 
        n_servers={
                    "SMB": 15,
                    "HTTP": 15,
                    "RDP": 15,
                },
        alpha=np.array([(1, 1), (0.2, 0.5)], dtype=float),
        beta=np.array([(1000, 10), (10, 100)], dtype=float),
    )
    

    Output from Cell

    ---------------------------------------------------------------------------
    IndexError                                Traceback (most recent call last)
    /usr/local/lib/python3.8/dist-packages/networkx/utils/decorators.py in _random_state(func, *args, **kwargs)
        451         try:
    --> 452             random_state_arg = args[random_state_index]
        453         except TypeError:
    
    IndexError: tuple index out of range
    
    During handling of the above exception, another exception occurred:
    
    NetworkXError                             Traceback (most recent call last)
    <ipython-input-2-d4d566484044> in <module>
    ----> 1 traffic = g.generate_random_traffic_network(
          2     seed=1, n_clients=50,
          3     n_servers={
          4                 "SMB": 15,
          5                 "HTTP": 15,
    
    /opt/CyberBattleSim/cyberbattle/simulation/generate_network.py in generate_random_traffic_network(n_clients, n_servers, seed, tolerance, alpha, beta)
         72 
         73         # sample edges using block models given edge probabilities
    ---> 74         di_graph_for_protocol = nx.stochastic_block_model(
         75             sizes=sizes, p=probs, directed=True, seed=seed)
         76 
    
    /usr/local/lib/python3.8/dist-packages/decorator.py in fun(*args, **kw)
        229             if not kwsyntax:
        230                 args, kw = fix(args, kw, sig)
    --> 231             return caller(func, *(extras + args), **kw)
        232     fun.__name__ = func.__name__
        233     fun.__doc__ = func.__doc__
    
    /usr/local/lib/python3.8/dist-packages/networkx/utils/decorators.py in _random_state(func, *args, **kwargs)
        454             raise nx.NetworkXError("random_state_index must be an integer")
        455         except IndexError:
    --> 456             raise nx.NetworkXError("random_state_index is incorrect")
        457 
        458         # Create a numpy.random.RandomState instance
    
    NetworkXError: random_state_index is incorrect
    
    opened by kevthehermit 7
  • PrivilegeEscalation marks nodes as owned, but doesn't reward agent with node value

    Is it correct behavior to be able to "own" a node via PrivilegeEscalation, but not be rewarded for that node's value? It looks like the node value is never added to the reward unless it was owned via connect_to_remote_machine

    My use case is exploiting a remote vulnerability that yields Admin or System privilege. The node is marked as owned, but the agent doesn't receive the node value as a reward.

    bug 
    opened by forrestmckee 5
  • init.sh doesn't work

    I've tried to clone the repo and setup CyberBattleSim on a windows machine running WSL2 with Ubuntu 20.04.3 LTS as well as a linux machine running Ubuntu 20.04.02 LTS. I follow the instructions in the readme and simply run ./init.sh

    This results in a venv being created and the libraries being downloaded, but seemingly not all are installed. There are several warnings and errors that occur during the execution of the script.

    If need be, I can post the output from my install attempt, but it's quite long.

    opened by forrestmckee 5
  • No attribute 'rewardplot_with'

    Hi,

    I ran into three errors while checking my environment.

    After I set up the dev environment, I ran the following command:

    python cyberbattle/agents/baseline/run.py --training_episode_count 1 --eval_episode_count 1 --iteration_count 10 --rewardplot_width 80  --chain_size=20 --ownership_goal 1.0                                 ✘ 1
    

    1st error. ModuleNotFoundError: No module named 'asciichartpy'

    import cyberbattle
    >>> Traceback (most recent call last):
      File "/home/XXX/CyberBattleSim/cyberbattle/agents/baseline/run.py", line 20, in <module>
        import asciichartpy
    ModuleNotFoundError: No module named 'asciichartpy'
    

    To solve it, I installed 'asciichartpy'.

    2nd error. ModuleNotFoundError: No module named 'cyberbattle.agents.baseline'

    python cyberbattle/agents/baseline/run.py --training_episode_count 1 --eval_episode_count 1 --iteration_count 10 --rewardplot_width 80  --chain_size=20 --ownership_goal 1.0
    
    >>> 
    
    Traceback (most recent call last):
      File "/home/XXX/CyberBattleSim/cyberbattle/agents/baseline/run.py", line 22, in <module>
        import cyberbattle._env.cyberbattle_env as cyberbattle_env
      File "<frozen zipimport>", line 259, in load_module
      File "/home/XXX/mambaforge/lib/python3.9/site-packages/loonshot_sim-0.1-py3.9.egg/cyberbattle/__init__.py", line 9, in <module>
      File "<frozen zipimport>", line 259, in load_module
      File "/home/XXX/mambaforge/lib/python3.9/site-packages/loonshot_sim-0.1-py3.9.egg/cyberbattle/agents/__init__.py", line 9, in <module>
    ModuleNotFoundError: No module named 'cyberbattle.agents.baseline'
    

    I stored "__init__.py" in "./cyberbattle/agents/baseline".

    3rd error. AttributeError: 'Namespace' object has no attribute 'rewardplot_with'

    torch cuda available=False
    ###### DQL
    Learning with: episode_count=1,iteration_count=10,ϵ=0.9,ϵ_min=0.1, ϵ_expdecay=5000,γ=0.015, lr=0.01, replaymemory=10000,
    batch=512, target_update=10
      ## Episode: 1/1 'DQL' ϵ=0.9000, γ=0.015, lr=0.01, replaymemory=10000,
    batch=512, target_update=10
    Episode 1|Iteration 10|reward:    9.0|last_reward_at:    6|Elapsed Time: 0:00:00|####################################################################################################################################################################################################|
      Episode 1 stopped at t=10
      Breakdown [Reward/NoReward (Success rate)]
        explore-local: 1/1 (0.50)
        explore-remote: 0/5 (0.00)
        explore-connect: 0/3 (0.00)
        exploit-local: 0/0 (NaN)
        exploit-remote: 0/0 (NaN)
        exploit-connect: 0/0 (NaN)
      exploit deflected to exploration: 1
                id      status properties              local_attacks              remote_attacks
    0        start       owned         []  [ScanExplorerRecentFiles]                          []
    1  1_LinuxNode  discovered        NaN                       None  [ProbeWindows, ProbeLinux]
    simulation ended
    ###### Random search
    Learning with: episode_count=1,iteration_count=10,ϵ=1.0,ϵ_min=0.0,
      ## Episode: 1/1 'Random search' ϵ=1.0000,
    Episode 1|Iteration 10|reward:    0.0|last_reward_at: ----|Elapsed Time: 0:00:00|####################################################################################################################################################################################################|
      Episode 1 stopped at t=10
      Breakdown [Reward/NoReward (Success rate)]
        explore-local: 0/0 (NaN)
        explore-remote: 0/10 (0.00)
        explore-connect: 0/0 (NaN)
        exploit-local: 0/0 (NaN)
        exploit-remote: 0/0 (NaN)
        exploit-connect: 0/0 (NaN)
      exploit deflected to exploration: 0
    simulation ended
    Episode duration -- DQN=Red, Random=Green
       10.00  ┼
    Cumulative rewards -- DQN=Red, Random=Green
    Traceback (most recent call last):
      File "/home/XXX/CyberBattleSim/cyberbattle/agents/baseline/run.py", line 120, in <module>
        c = p.averaged_cummulative_rewards(all_runs, args.rewardplot_with)
    AttributeError: 'Namespace' object has no attribute 'rewardplot_with'
    

    I'd be grateful if you could give me advice about these issues.

    Many thanks

    opened by snowyday 4
  • fixed an error in the function create_random_firewall_configuration() in model.py

    In "model.py" module, the firewall rules are to constructed by randomly choosing from the list of ports in the dict "Identifiers". But in the function "create_random_firewall_configuration()", the firewall rules are constructed by choosing random properties instead of ports. This error is noticed and fixed.

    opened by nmuppalla11 3
  • Consider designing defender as RL agent

    I'm curious if this project will follow up by designing defender as an agent that can be trained with reinforcement learning algorithms and how we will achieve this based on the existing environment? Thanks in advance.

    opened by Screamer-Y 0
  • Something wrong with the node's last owned time and last reimaged time?

    Sorry to bother.

    I am wondering if class NodeTrackingInformation is not indicating the right occurrence time of the last attack?

    The time() func at lines 248 and 671 in actions.py would set the node's last_reimaging_time and last_owned time to be '00:00:00'. So when the cyber attacker attempts to re-connect to a conquered but recently reimaged node, the func __is_node_owned_history at line 483 would recognize the reimaged node as a currently owned node. Therefore the cyber attacker can never connect to a reimaged node successfully.

    Is it true, or am I mistaking something here😂?

    opened by Catalpae 0
  • Action_space dimensions formally too large

    Dear all,

    With the latest update, which allows increasing the maximum number of nodes using the kwargs dict inside the registry(...) function, the default parameter is 100 nodes, https://github.com/microsoft/CyberBattleSim/blob/4fd228bccfc2b088d911e27072a923251203cac8/cyberbattle/_env/cyberbattle_env.py#L390, which makes the action_space for local, remote and connect especially large. Although that does not change the logic of computing the action_mask and setting the valid node ids to be at most the number of discovered nodes, internally the vector is set to be too big.

    1. Question: I want to ask for the logic of change from using max_node_count parameter here https://github.com/microsoft/CyberBattleSim/blob/4fd228bccfc2b088d911e27072a923251203cac8/cyberbattle/_env/cyberbattle_env.py#L608, why we want to have option to enlarge the maximum nodes count using registry and this we had to change the value from inferred form initial_network to the one included in bounds for registry function?
    2. Solution: The workaround as I see can be simply to make this parameters maximum_node_count: int | None and then make if else logic for setting them equal to initial number of parameters from network (done in previous commits from main)
    opened by kvas7andy 0
  • Jupyter notebook run issue from docker container

    Hi all,

    I have encountered an issue when running jupyter notebook inside a docker container. While forwarding the port from the docker container, I still cannot connect to it from the browser. It does not work either on the local machine or on the remote server I use.

    Sample command is:

    git clone https://github.com/microsoft/CyberBattleSim.git
    cd CyberBattleSim
    nvidia-docker build -t cyberbattle:1.1 .
    nvidia-docker run -p 6789:8888 -it --name cyber_test cyberbattle:1.1 /bin/bash -c "jupyter notebook --no-browser --allow-root --port=8888"
    
    [browser] localhost:6789
    [Error] "Hmmm… can't reach this page\n Localhost refused to connect.
    
    opened by kvas7andy 2
  •  Correction of benchmark results

    Hi everyone,

    Found several bugs while checking the code of ipynb notebooks with benchmark results for 3 environments TinyToy, ToyCTF, Chain.

    I think my findings might be useful for the community that uses this nice implementation of a cyber-attack simulation.

    1. Issue 1: learner.epsilon_greedy_search(...) is often used for training agents with different algorithms, including DQL in the dql_run. However dql_exploit_run, with the input network dql_run as policy-agent and the eval_episode_count parameter for the number of episodes, gives the impression that these runs are used for evaluation of the trained DQN. The only distinguishable difference between the two runs is epsilon equal to 0, which leads to exploitation mode of training but does not exclude training, because during a run with learner.epsilon_greedy_search the optimizer.step() is executed on each training step in the file agent_dql.py, function call learner.on_step(...).
    2. Issue 2: During training each episode ends only at the maximum number of iterations, which is due to a typo in the AttackerGoal class. The default value of the parameter own_atleast_percent: float = 1.0 is included as a condition with AND for raising the flag done = True; thus for TinyToy and ToyCTF (not Chain) this leads to a long training duration, a wrong RL signal for evaluating the Q function, and low sample-efficiency.
    3. Issue 3: The ToyCTF benchmark is inaccurate, because with a correct evaluation procedure, like the one used with the chain network configuration, the agent does not reach the goal of 6 owned nodes after 200 training episodes.
    opened by kvas7andy 2