#2483- Slight updates to UC7 config and e2e notebook

This commit is contained in:
Archer Bowen
2025-02-25 15:37:57 +00:00
committed by Marek Wolan
parent 6769bc917f
commit 80be1d5418
2 changed files with 60 additions and 58 deletions


@@ -14,8 +14,8 @@ io_settings:
save_agent_actions: false
save_step_metadata: false
save_pcap_logs: false
save_sys_logs: True
# save_sys_logs: true
save_sys_logs: false
save_agent_logs: false
write_sys_log_to_terminal: false
@@ -1924,6 +1924,7 @@ agents:
- service_name: ftp-client
applications:
- application_name: ransomware-script
- application_name: database-client
folders:
- folder_name: downloads
files:
@@ -1937,6 +1938,7 @@ agents:
- service_name: ftp-client
applications:
- application_name: ransomware-script
- application_name: database-client
folders:
- folder_name: downloads
files:
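Review bot: The new `io_settings` block leaves a commented-out `# save_sys_logs: true` sitting directly above the live `save_sys_logs: false`; commented-out config lines drift from the real key and a reader cannot tell whether this one is documentation or a toggle someone forgot to remove. Either delete it or reword it as intent, e.g. `# syslog capture is off by default; the e2e notebook turns it on via cfg['io_settings']['save_sys_logs']`. The old/new side of each line is not fully recoverable from this rendering, so if `save_sys_logs: True` (capital T) is in fact still present on the new side next to `save_sys_logs: false`, that is a duplicate mapping key and the later value silently wins in common YAML loaders — worth confirming against the raw diff. The other two hunks only add `database-client` to the application lists and raise nothing.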


@@ -60,6 +60,11 @@
"outputs": [],
"source": [
"use_case_7_config = load(_EXAMPLE_CFG/\"uc7_config.yaml\")\n",
"with open(file=_EXAMPLE_CFG/\"uc7_config.yaml\", mode=\"r\") as uc7_config:\n",
" cfg = yaml.safe_load(uc7_config)\n",
" cfg['io_settings']['save_sys_logs'] = True # Saving syslogs\n",
" cfg['io_settings']['save_agent_actions'] = True # Saving agent actions\n",
" cfg['io_settings']['save_agent_logs'] = True # Save agent logs\n",
"env = PrimaiteGymEnv(env_config=use_case_7_config)"
]
},
@@ -569,8 +574,8 @@
"metadata": {},
"outputs": [],
"source": [
"home_pub_pc_1.sys_log.show(last_n=10)\n",
"st_data_private_server_database.sys_log.show(last_n=5)"
"home_pub_pc_1.software_manager.software[\"database-client\"].sys_log.show(last_n=10)\n",
"st_data_private_server_database.software_manager.software[\"database-service\"].sys_log.show(last_n=5)"
]
},
{
@@ -642,7 +647,7 @@
"source": [
"# By default the `uc7_config.yaml` is setup to use TAP001\n",
"env.reset()\n",
"for _ in range(128):\n",
"for _ in range(80):\n",
" env.step(action=0)\n",
"\n",
"uc7_tap001 = env.game.agents.get(\"attacker\")\n",
@@ -712,7 +717,8 @@
" cfg = yaml.safe_load(uc7_config)\n",
" cfg[\"agents\"][33][\"agent_settings\"][\"flatten_obs\"] = False\n",
" cfg['io_settings']['save_sys_logs'] = True # Saving syslogs\n",
" cfg['io_settings']['save_agent_actions'] = True # Saving syslogs\n",
" cfg['io_settings']['save_agent_logs'] = True # Saving agent logs\n",
"\n",
"env = PrimaiteGymEnv(env_config=cfg)"
]
},
@@ -813,7 +819,7 @@
"\n",
"_(Click to enlarge)_\n",
"\n",
"Represented as a hierarchy (i.e the same way as a dictionary) the blue agent OBS is seperate into multiple sections.\n",
"Represented as a hierarchy (i.e the same way as a dictionary) the blue agent OBS is separate into multiple sections.\n",
"\n",
"### Links\n",
"\n",
@@ -917,9 +923,9 @@
"\n",
"|Host label|hostname| services | applications | folders | files |\n",
"|:--:|:--:|:--:|:--:|:--:|:--:|\n",
"|HOST1|ST-PROJ-A-PRV-PC-1 | ftp-client | RansomwareScript | downloads, exfiltration_folder | malware_dropper.ps1, database.db |\n",
"|HOST2|ST-PROJ-B-PRV-PC-2| ftp-client | RansomwareScript | downloads, exfiltration_folder | malware_dropper.ps1, database.db |\n",
"|HOST3|ST-PROJ-C-PRV-PC-3| ftp-client | RansomwareScript | downloads, exfiltration_folder | malware_dropper.ps1, database.db |\n",
"|HOST1|ST-PROJ-A-PRV-PC-1 | ftp-client | ransomware_script, database-client | downloads, exfiltration_folder | malware_dropper.ps1, database.db |\n",
"|HOST2|ST-PROJ-B-PRV-PC-2| ftp-client | ransomware-script, database-client | downloads, exfiltration_folder | malware_dropper.ps1, database.db |\n",
"|HOST3|ST-PROJ-C-PRV-PC-3| ftp-client | ransomware-script, database-client | downloads, exfiltration_folder | malware_dropper.ps1, database.db |\n",
"|HOST4|ST-DATA-PRV-SRV-DB||| database | database.db|\n",
"\n",
"\n",
@@ -1249,31 +1255,30 @@
"\n",
"```yaml\n",
" action_space:\n",
" action_list:\n",
" action_map: \n",
" action_map:\n",
" 0:\n",
" action: DONOTHING\n",
" options: {}\n",
" action: do-nothing\n",
" options: {}\n",
"\n",
" # |======================================|\n",
" # | ST-PROJ-A-PRV-PC-1 |\n",
" # |======================================|\n",
" # |======================================|\n",
" # | ST-PROJ-A-PRV-PC-1 |\n",
" # |======================================|\n",
"\n",
" # ST-PROJ-A-PRV-PC-1 | NODE_OS_SCAN\n",
" 1:\n",
" action: NODE_OS_SCAN\n",
" options:\n",
" node_id: 0 # ST-PROJ-A-PRV-PC-1\n",
" # ST-PROJ-A-PRV-PC-1 | NODE_SHUTDOWN\n",
" 2:\n",
" action: NODE_SHUTDOWN\n",
" options:\n",
" node_id: 0 # ST-PROJ-A-PRV-PC-1\n",
" # ST-PROJ-A-PRV-PC-1 | NODE_STARTUP\n",
" 3:\n",
" action: NODE_STARTUP\n",
" options:\n",
" node_id: 0 # ST-PROJ-A-PRV-PC-1\n",
" # ST-PROJ-A-PRV-PC-1 | node-os-scan\n",
" 1:\n",
" action: node-os-scan\n",
" options:\n",
" node_name: ST-PROJ-A-PRV-PC-1\n",
" # ST-PROJ-A-PRV-PC-1 | node-shutdown\n",
" 2:\n",
" action: node-shutdown\n",
" options:\n",
" node_name: ST-PROJ-A-PRV-PC-1\n",
" # ST-PROJ-A-PRV-PC-1 | node-startup\n",
" 3:\n",
" action: node-startup\n",
" options:\n",
" node_name: ST-PROJ-A-PRV-PC-1\n",
"```\n",
"\n",
"Converting the yaml snippet below we end up with the following:\n",
@@ -1281,9 +1286,9 @@
"|Action Num | Action Type | Options|\n",
"|:---------:|:-----------:|:------:|\n",
"|0|**DONOTHING**|*n/a*|\n",
"|1|**NODE_OS_SCAN**|*node_id: 0* \n",
"|2|**NODE_SHUTDOWN**|*node_id: 0* \n",
"|3|**NODE_STARTUP**|*node_id: 0* \n"
"|1|**NODE_OS_SCAN**|*node_name: ST-PROJ-A-PRV-PC-1*|\n",
"|2|**NODE_SHUTDOWN**|*node_name: ST-PROJ-A-PRV-PC-1*|\n",
"|3|**NODE_STARTUP**|*node_name: ST-PROJ-A-PRV-PC-1*|\n"
]
},
{
@@ -1300,11 +1305,7 @@
" env.step(0)\n",
"```\n",
"\n",
"This code snippet is used to step forward in an PrimAITE episode and force the blue agent into performing no action which is very useful for demonstrating default simulation behaviour as well as the different impacts that the green and red agents have upon the environment.\n",
"\n",
"`1: NODE_OS_SCAN`:\n",
"\n",
"The first actual action that the blue agent can perform is scanning action. Throughout PrimAITE there are a variety of different scanning type actions (such as `NODE_OS_SCAN`, `NODE_APPLICATION_SCAN` or `NODE_FILE/FOLDER_SCAN`) which can be used to by the blue agent to gain a deeper understanding of the simulation state. Specifically, these actions will cause the blue agent's observations to update to the \"true\" `HEALTH_STATUS` of a simulation component. For example, if a red agent corrupts and alters the health status of a file, the blue agent's observation space will not reflect this until the agent performs a `NODE_FILE_SCAN` on the newly corrupted file. It's worth noting that blue agents can be configured to see the true `HEALTH_STATUS` of software and files without needing to scan in the yaml. Although this may make it easier for an train and create an effective blue agent it could be seen as reducing the fidelity of the simulation.\n"
"This code snippet is used to step forward in an PrimAITE episode and force the blue agent into performing no action which is very useful for demonstrating default simulation behaviour as well as the different impacts that the green and red agents have upon the environment."
]
},
{
@@ -1341,9 +1342,9 @@
"outputs": [],
"source": [
"obs, reward, term, trunc, info = env.step(0)\n",
"print(f\"ftp-client (Prior Scan) OBS: {obs['NODES']['HOST0']['SERVICES'][1]}\")\n",
"print(f\"database-client (Prior Scan) OBS: {obs['NODES']['HOST0']['APPLICATIONS']}\")\n",
"obs_list = []"
"print(defender.history[1])\n",
"print(f\"ftp-client (Prior Scan) OBS: {defender.observation_manager.current_observation['NODES']['HOST0']['SERVICES'][1]}\")\n",
"print(f\"database-client (Prior Scan) OBS: {defender.observation_manager.current_observation['NODES']['HOST0']['APPLICATIONS'][2]}\")"
]
},
{
@@ -1359,19 +1360,10 @@
]
},
{
"cell_type": "code",
"execution_count": null,
"cell_type": "markdown",
"metadata": {},
"outputs": [],
"source": [
"env.step(1)\n",
"for _ in range(10):\n",
" obs, reward, term, trunc, info = env.step(1)\n",
" obs_list.append(obs['NODES']['HOST0']['SERVICES'][1])\n",
" obs_list.append(obs['NODES']['HOST0']['APPLICATIONS'][2])\n",
"\n",
"obs, reward, term, trunc, info = env.step(0)\n",
"print(f\"ftp-client (Post Scan) OBS: {obs['NODES']['HOST0']['SERVICES']}\")"
"Set by the `node_scan_duration` option in the simulation `defaults` section, it takes **8** timesteps before the results of `node-os-scan` impact the blue agent's observation space."
]
},
{
@@ -1380,7 +1372,14 @@
"metadata": {},
"outputs": [],
"source": [
"obs['NODES']['HOST0']"
"env.step(1)\n",
"print(defender.history[2])\n",
"for _ in range(7):\n",
" obs, reward, term, trunc, info = env.step(0)\n",
"\n",
"print(f\"Current Simulation Time Step: {env.game.step_counter}\")\n",
"print(f\"ftp-client (Post Scan) OBS: {defender.observation_manager.current_observation['NODES']['HOST0']['SERVICES'][1]}\")\n",
"print(f\"database-client (Post Scan) OBS: {defender.observation_manager.current_observation['NODES']['HOST0']['APPLICATIONS'][2]}\")"
]
},
{
@@ -1400,7 +1399,7 @@
"source": [
"# `1` is equal to 'ON' in this case.\n",
"obs, reward, term, trunc, info = env.step(0)\n",
"print(f\"ST-PROJ-A-PRV-PC-1's (prior shutdown) operating state: {obs['NODES']['HOST0']['operating_status']}\")"
"print(f\"ST-PROJ-A-PRV-PC-1's (prior shutdown) operating state: {defender.observation_manager.current_observation['NODES']['HOST0']['operating_status']}\")"
]
},
{
@@ -1421,7 +1420,7 @@
"outputs": [],
"source": [
"obs, reward, term, trunc, info = env.step(0)\n",
"print(f\"ST-PROJ-A-PRV-PC-1's (post shutdown) operating state: {obs['NODES']['HOST0']['operating_status']}\")"
"print(f\"ST-PROJ-A-PRV-PC-1's (post shutdown) operating state: {defender.observation_manager.current_observation['NODES']['HOST0']['operating_status']}\")"
]
},
{
@@ -1445,7 +1444,7 @@
" env.step(0) # 3 second reboot time.\n",
" \n",
"obs, reward, term, trunc, info = env.step(0)\n",
"print(f\"ST-PROJ-A-PRV-PC-1's (prior shutdown) operating state: {obs['NODES']['HOST0']['operating_status']}\")"
"print(f\"ST-PROJ-A-PRV-PC-1's (prior shutdown) operating state: {defender.observation_manager.current_observation['NODES']['HOST0']['operating_status']}\")"
]
},
{
@@ -1550,6 +1549,7 @@
" cfg[\"agents\"][33][\"agent_settings\"][\"flatten_obs\"] = False\n",
" cfg['io_settings']['save_sys_logs'] = True # Saving syslogs\n",
" cfg['io_settings']['save_agent_actions'] = True # Saving syslogs\n",
" cfg['io_settings']['save_agent_logs'] = True # Saving agent logs\n",
"env = PrimaiteGymEnv(env_config=cfg)\n",
"env.reset()\n",
"defender = env.game.rl_agents.get(\"defender\")\n",
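Review bot: In the first notebook hunk (the cell starting `use_case_7_config = load(_EXAMPLE_CFG/"uc7_config.yaml")`), the three `cfg['io_settings'][...] = True` overrides are applied to `cfg`, but the environment is still constructed from the untouched `use_case_7_config`, so syslog, agent-action and agent-log capture stay at the file defaults (`false` in this commit's YAML hunk) and the later `sys_log.show(...)` cells have nothing to show. The other config cells in this commit already do it correctly with `env = PrimaiteGymEnv(env_config=cfg)`; the last line of this cell should become `env = PrimaiteGymEnv(env_config=cfg)` and the now-unused `use_case_7_config = load(...)` line dropped. Separately, the `save_agent_actions` line carries the copy-pasted comment `# Saving syslogs` in the last hunk (and apparently the `@@ -712` one); `# Saving agent actions`, as written in the first cell, would read correctly. Each cell body is a complete JSON string array, so these cells are fully visible within their hunks.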