Microsoft revealed this week that the Python code for “CyberBattleSim,” a research toolkit for simulating complex computer systems, is now open source.
The experimental research project was created to assist in the study of how “autonomous agents function in a virtual business environment using high-level abstraction of computer networks and cybersecurity concepts,” in order to advance artificial intelligence and machine learning.
CyberBattleSim supports the training of automated agents via the Python-based OpenAI Gym interface. Defenders may use reinforcement learning algorithms and set up different cybersecurity problems in the simulated environments.
According to Microsoft, reinforcement learning is a form of machine learning that teaches autonomous agents to make decisions based on their interactions with the environment: agents improve strategies through repeated practice, similar to how you might improve at a video game by playing it over and over.
Reinforcement learning in software security entails the use of agents that function as attackers and defenders, as well as the study of their behaviour in a simulated environment. The attacker’s goal is to steal information, while the defender’s goal is to block or mitigate the attacker’s behaviour.
CyberBattleSim is an immersive environment built with OpenAI Gym that focuses on the lateral movement process of a cyber-attack. The project simulates a fixed network with predefined vulnerabilities that an intruder model can exploit for lateral movement, while a defender agent attempts to identify and contain the intrusion.
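The attacker and defender loop described above can be sketched as a toy Gym-style `reset()`/`step()` environment. This is an added illustration, not CyberBattleSim's code or API: the four-node network, the success probabilities, and the names `ToyLateralMovementEnv` and `breach_rate` are all constructed for the example. It measures how often a random attacker policy reaches the `db` node as the defender's detection probability rises.

```python
import random

# Constructed toy network: owned node -> nodes reachable from it.
EDGES = {"client": ["web", "files"], "web": ["db"], "files": ["db"], "db": []}
# Constructed abstract flaws: chance an exploit attempt on the node succeeds.
VULN = {"web": 0.8, "files": 0.5, "db": 0.3}

class ToyLateralMovementEnv:
    """reset()/step() loop over an abstract network; nothing real is executed."""

    def __init__(self, detect_prob, seed=0):
        self.detect_prob = detect_prob      # defender's chance to spot an owned node
        self.rng = random.Random(seed)

    def reset(self):
        self.owned = {"client"}             # assumed initial foothold
        return frozenset(self.owned)

    def step(self, target):
        reward = 0
        reachable = {n for o in self.owned for n in EDGES[o]}
        # Attacker turn: lateral movement only works from an owned neighbour.
        if target in reachable and target not in self.owned:
            if self.rng.random() < VULN[target]:
                self.owned.add(target)
                reward += 1
        # Defender turn: scan one node, re-image it if the intrusion is detected.
        scanned = self.rng.choice(list(VULN))
        if scanned in self.owned and self.rng.random() < self.detect_prob:
            self.owned.discard(scanned)
            reward -= 1
        done = "db" in self.owned           # episode ends once db stays owned
        return frozenset(self.owned), reward, done, {}

def breach_rate(detect_prob, episodes=2000, max_steps=20):
    """Fraction of episodes in which a random attacker policy ends up owning db."""
    env = ToyLateralMovementEnv(detect_prob, seed=1)
    policy = random.Random(2)
    breaches = 0
    for _ in range(episodes):
        env.reset()
        for _ in range(max_steps):
            _, _, done, _ = env.step(policy.choice(list(VULN)))
            if done:
                breaches += 1
                break
    return breaches / episodes

if __name__ == "__main__":
    for p in (0.0, 0.5, 0.9):
        print(f"detect_prob={p}: breach rate {breach_rate(p):.2f}")
```

A learning agent would replace the random policy here; the defender-side metric (breach rate per detection setting) stays the same.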
“The network architecture, list of supported vulnerabilities, and nodes where they are planted are all parameterized in the simulation Gym environment.” “Because the simulation does not allow machine code execution, no security bypass is possible,” Microsoft states.
The simulated computer network, which includes systems running on a variety of platforms, aims to demonstrate how using the most recent operating systems and keeping them updated will improve security. Defenders can create automated agents and monitor their progress in the environment using the Gym interface.
“Agents must now benefit from findings that aren’t unique to the instance they’re interacting with in order to perform well. They can’t just remember node indices or some other network size-related value. Instead, they may look at temporal features or system properties,” the engineering behemoth explains.
CyberBattleSim, according to Microsoft, is extremely abstract and cannot be extended to real-world systems, which protects against the nefarious use of specialised automated agents.