What you need to know
- Microsoft released CyberBattleSim on GitHub.
- The simulation is used to study how cyber attacks work their way through a network.
- CyberBattlesim's goal is to help AI improve in defending against attacks.
The blog post has quite a bit of jargon that you'll have to parse through, but Microsoft uses a helpful video game analogy to explain the setup.
The player of the game is the agent, the commands it takes are the actions, and the ultimate reward is winning the game. The best reinforcement learning algorithms can learn effective strategies through repeated experience by gradually learning what actions to take in each state of the environment. The more the agents play the game, the smarter they get at it.
In other words, people can create a model of computer nodes and then have a simulated attacker exploit vulnerabilities and work its way through the network. This model can then be used to develop defender agents. This setup uses reinforcement learning to train autonomous agents that can perform better than humans at games.
This approach to security provides valuable insight, but Microsoft didn't use it for modeling actual network traffic. Instead, the strategy focuses on understanding how agents work through a network. Microsoft explains towards the end of its blog post:
The simulation in CyberBattleSim is simplistic, which has advantages: Its highly abstract nature prohibits direct application to real-world systems, thus providing a safeguard against potential nefarious use of automated agents trained with it. It also allows us to focus on specific aspects of security we aim to study and quickly experiment with recent machine learning and AI algorithms.
Using this setup, Microsoft hopes that people can study how AI can defend against attacks.
This is all quite technical and doesn't affect how you secure your PC on a daily basis. If you're looking to improve your PC security, here are tips for managing Windows Security on Windows 10.
