Microsoft has open-sourced software that pits machine-learning-powered network intruders against automated defenders inside virtual networks.
The tech, dubbed CyberBattleSim by its creators at the Microsoft 365 Defender research team, is a Python-based OpenAI Gym affair, and sets up pretend networks loaded with vulnerabilities and other weaknesses. The attackers learn how to find and exploit flaws to spread through the network, while defenders try to detect malicious activity and mitigate it.
This is supposed to be a simulation of network movement and infiltration after outer defenses have been breached, and it's hoped this work can be used to study autonomous defense and offense in information security, and whatever else your imagination can come up with.
Microsoft rolls out mask detection to Azure Cognitive Services. And yes, there is a noseAndMouthCovered attributeREAD MORE
"CyberBattleSim provides a way to build a highly abstract simulation of complexity of computer systems, making it possible to frame cybersecurity challenges in the context of reinforcement learning," the team said in a blog post on Friday.
"By sharing this research toolkit broadly, we encourage the community to build on our work and investigate how cyber-agents interact and evolve in simulated environments, and research how high-level abstractions of cyber security concepts help us understand how cyber-agents would behave in actual enterprise networks."
Over the past year, Microsoft has been running the system to model attacks, and now wants to get more feedback.
"With CyberBattleSim, we are just scratching the surface of what we believe is a huge potential for applying reinforcement learning to security," the team said. "We invite researchers and data scientists to build on our experimentation."
Redmond says the model should be run on Linux – they use Ubuntu – and the code is here on GitHub. As for Windows, you can try it and see if it works. ®