Microsoft has recently launched a cyberattack simulator that allows security researchers to study AI-driven attacks in simulated network environments. The simulator is named CyberBattleSim and can be accessed through an open-source license that uses a Python-based Open AI Gym toolkit. The sim can be used to train automated agents through reinforcement learning algorithms. Microsoft’s 365 Defender Research Team launched the CyberBattleSim as part of their efforts to use AI and machine learning in their security defences.
Upon launching the CyberBattleSim William Blum from Microsoft’s 365 Defender Research Team said the simulation is “an experimental research project that investigates how autonomous agents operate in a simulated enterprise environment using high-level abstraction of computer networks and cybersecurity concepts.” He later went on to say, “CyberBattleSim provides a way to build a highly abstract simulation of complexity of computer systems, making it possible to frame cybersecurity challenges in the context of reinforcement learning. By sharing this research toolkit broadly, we encourage the community to build on our work and investigate how cyber-agents interact and evolve in simulated environments, and research how high-level abstractions of cybersecurity concepts help us understand how cyber-agents would behave in actual enterprise networks.”