CyberBattleSim by microsoft

Research platform for cyber agent interaction in simulated networks

created 4 years ago
1,715 stars

Top 25.4% on sourcepulse

Project Summary

CyberBattleSim is an open-source research platform for investigating the interaction of automated agents in abstract simulated enterprise network environments. It targets researchers and engineers interested in cybersecurity, reinforcement learning, and agent-based modeling, offering a safe, simplified environment to develop and test cyber-attack and defense strategies.

How It Works

The platform simulates an abstract enterprise network with parameterized topologies and vulnerabilities. Agents, trained with reinforcement learning algorithms through an OpenAI Gym interface, aim to exploit vulnerabilities for lateral movement and network control. A basic defender agent monitors activity, detects attacks, and mitigates them by re-imaging nodes. The high-level abstraction concentrates on cyber-attack techniques such as lateral movement and leaves out network traffic, which makes experimentation faster.

Quick Start & Requirements

  • Install/Run: Linux or WSL is recommended. Install Conda via install_conda.sh, then run init.sh to create and activate the cybersim environment.
  • Prerequisites: Python, Conda, Git. Specific OS libraries (libnss3-dev, libgtk-3-0, libxss1, libasound2-dev, libgtk2.0-0, libgconf-2-4) may be needed for notebooks. Docker is also supported.
  • Setup: Initial setup involves cloning the repo and running initialization scripts.
  • Docs: Quick introduction

Highlighted Details

  • Provides an OpenAI Gym interface for reinforcement learning agent training.
  • Focuses on cyber-attack techniques like lateral movement and credential management challenges.
  • Includes example agents (DQL, Random Search) and benchmark notebooks for performance evaluation.
  • Allows custom network topology and vulnerability definition for environment creation.

Maintenance & Community

  • Developed by the Microsoft Defender Research Team.
  • Welcomes contributions via pull requests, requiring agreement to a Contributor License Agreement (CLA).
  • Follows the Microsoft Open Source Code of Conduct.
  • Wiki available for contribution ideas.

Licensing & Compatibility

  • Licensed under the MIT License.
  • No customer data is included; models and topologies are fictitious.

Limitations & Caveats

The simulation is admittedly simplistic and abstract, which precludes direct application to real-world systems. Actual network traffic is not modeled, and the large action space of computer systems presents a challenge for reinforcement learning.

Health Check

  • Last commit: 1 month ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 24 stars in the last 90 days
