Microsoft's New Open Source Attack Simulator Visualizes Cyberattacks

 4 years ago
source link: https://www.makeuseof.com/microsofts-open-source-attack-simulator-visualizes-cyberattacks/

By Gavin Phillips

Published 5 hours ago

The CyberBattleSim will help you model theoretical threats and learn how attackers spread through a network.

Microsoft is open-sourcing its internal threat modeling tool, CyberBattleSim, making the project available to anyone.

The handily named CyberBattleSim is a tool developed and used by the Microsoft 365 Defender Research team. It helps build "highly abstract" simulations of complex computer systems and of how an attacker may spread laterally through them.

Microsoft hopes that the release of CyberBattleSim will encourage other security researchers to pick up the tool, develop further uses and roles for it, and better understand how an attacker might act within a compromised network.

CyberBattleSim: An Open-Source Attack Simulator

At its core, CyberBattleSim is a threat modeling tool built using the Python-based OpenAI Gym interface for ease of use.

Users can simulate a network of computer nodes using a fixed topology, then program a list of predefined vulnerabilities affecting the network. From there, the simulated attacker will attempt to breach the network using the defined vulnerabilities, exploiting whatever weaknesses it finds.

In turn, automated defenses will attempt to protect against the attack, simulating how network defenses attempt to repel attackers and eject them from the network.

The simulation does not support machine code execution, and thus no security exploit actually takes place in it. We instead model vulnerabilities abstractly with a precondition defining the following: the nodes where the vulnerability is active, a probability of successful exploitation, and a high-level definition of the outcome and side-effects.
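The abstract model in the quote above (where a vulnerability is active, how likely exploitation is to succeed, and what the outcome is) can be sketched in plain Python to show how a defender might compare a baseline network with a hardened one. This is an added illustration, not CyberBattleSim code and not its API; the topology, tags, vulnerability names and probabilities are all constructed for the example.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Vulnerability:
    name: str
    required_tag: str     # precondition: active only on nodes carrying this tag
    success_rate: float   # probability that one exploitation attempt succeeds
    grants: tuple         # outcome: nodes the attacker controls after success

# Constructed fixed topology: node name -> tags describing what runs there.
NETWORK = {"client": {"browser"}, "website": {"webserver"},
           "database": {"sql"}, "backup": {"sql"}}

# Constructed vulnerability list; names and probabilities are made up.
VULNS = [
    Vulnerability("leaked-link", "browser", 1.0, ("website",)),
    Vulnerability("config-in-webroot", "webserver", 0.6, ("database",)),
    Vulnerability("shared-sql-login", "sql", 0.3, ("backup",)),
]

def simulate(network, vulns, entry, rng, max_attempts=5):
    """Run one episode with a random attacker; return the nodes it ends up owning."""
    owned = {entry}
    for _ in range(max_attempts):
        # An action is usable if its precondition holds on an owned node
        # and its outcome would add at least one new node.
        options = [v for n in sorted(owned) for v in vulns
                   if v.required_tag in network[n] and not set(v.grants) <= owned]
        if not options:
            break
        vuln = rng.choice(options)
        if rng.random() < vuln.success_rate:
            owned.update(vuln.grants)
    return owned

def exposure(network, vulns, entry, target, episodes=2000, seed=0, **kw):
    """Estimate how often the target node falls, over many seeded episodes."""
    rng = random.Random(seed)
    hits = sum(target in simulate(network, vulns, entry, rng, **kw)
               for _ in range(episodes))
    return hits / episodes

if __name__ == "__main__":
    print("baseline:", exposure(NETWORK, VULNS, "client", "backup"))
    hardened = [v for v in VULNS if v.name != "shared-sql-login"]
    print("shared login removed:", exposure(NETWORK, hardened, "client", "backup"))
```

Because every step is a probability over abstract nodes, the only thing the run produces is an exposure estimate, which is what makes it useful for comparing mitigations.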

From the outside, it looks like a fun, exploratory tool. But CyberBattleSim allows for extensively customizable scenarios using a huge range of triggers and parameters. The official Microsoft Security blog announcing the tool's release also details a custom capture-the-flag style challenge. At the same time, there are multiple types of predefined vulnerability outcomes that can affect the outcome of the model.

AI Tech Important to Threat Modelling

The use of AI-tech in threat modeling scenarios is important, providing researchers with the tools to understand interactions and the trajectory of an ongoing attack.

Importantly, CyberBattleSim's simulation is highly abstract, meaning that it doesn't bear a resemblance to any real-world systems, curtailing its use as a theoretical malicious tool.

With CyberBattleSim, we are just scratching the surface of what we believe is a huge potential for applying reinforcement learning to security. We invite researchers and data scientists to build on our experimentation. We're excited to see this work expand and inspire new and innovative ways to approach security problems.
