diff --git a/src/primaite/config/_package_data/scenario_with_placeholders/greens_0.yaml b/src/primaite/config/_package_data/scenario_with_placeholders/greens_0.yaml new file mode 100644 index 00000000..f31c52fa --- /dev/null +++ b/src/primaite/config/_package_data/scenario_with_placeholders/greens_0.yaml @@ -0,0 +1,2 @@ +# No green agents present +greens: &greens [] diff --git a/src/primaite/config/_package_data/scenario_with_placeholders/greens_1.yaml b/src/primaite/config/_package_data/scenario_with_placeholders/greens_1.yaml index e152f23f..98d2392a 100644 --- a/src/primaite/config/_package_data/scenario_with_placeholders/greens_1.yaml +++ b/src/primaite/config/_package_data/scenario_with_placeholders/greens_1.yaml @@ -1,12 +1,11 @@ -greens: &greens +agents: &greens - ref: green_A team: GREEN type: ProbabilisticAgent agent_settings: action_probabilities: - 0: 0.3 - 1: 0.6 - 2: 0.1 + 0: 0.2 + 1: 0.8 observation_space: null action_space: action_list: @@ -14,14 +13,9 @@ greens: &greens - type: NODE_APPLICATION_EXECUTE options: nodes: - - node_name: client_2 + - node_name: client applications: - - application_name: WebBrowser - application_name: DatabaseClient - max_folders_per_node: 1 - max_files_per_folder: 1 - max_services_per_node: 1 - max_applications_per_node: 2 action_map: 0: action: DONOTHING @@ -31,68 +25,10 @@ greens: &greens options: node_id: 0 application_id: 0 - 2: - action: NODE_APPLICATION_EXECUTE - options: - node_id: 0 - application_id: 1 reward_function: reward_components: - - type: WEBPAGE_UNAVAILABLE_PENALTY - weight: 0.25 - options: - node_hostname: client_2 - type: GREEN_ADMIN_DATABASE_UNREACHABLE_PENALTY - weight: 0.05 + weight: 1.0 options: - node_hostname: client_2 - - - ref: green_B - team: GREEN - type: ProbabilisticAgent - agent_settings: - action_probabilities: - 0: 0.3 - 1: 0.6 - 2: 0.1 - observation_space: null - action_space: - action_list: - - type: DONOTHING - - type: NODE_APPLICATION_EXECUTE - options: - nodes: - - node_name: client_1 - applications: - - application_name: WebBrowser - - application_name: DatabaseClient - max_folders_per_node: 1 - max_files_per_folder: 1 - max_services_per_node: 1 - max_applications_per_node: 2 - action_map: - 0: - action: DONOTHING - options: {} - 1: - action: NODE_APPLICATION_EXECUTE - options: - node_id: 0 - application_id: 0 - 2: - action: NODE_APPLICATION_EXECUTE - options: - node_id: 0 - application_id: 1 - - reward_function: - reward_components: - - type: WEBPAGE_UNAVAILABLE_PENALTY - weight: 0.25 - options: - node_hostname: client_1 - - type: GREEN_ADMIN_DATABASE_UNREACHABLE_PENALTY - weight: 0.05 - options: - node_hostname: client_1 + node_hostname: client diff --git a/src/primaite/config/_package_data/scenario_with_placeholders/greens_2.yaml b/src/primaite/config/_package_data/scenario_with_placeholders/greens_2.yaml index 87c8ffe3..17a5977b 100644 --- a/src/primaite/config/_package_data/scenario_with_placeholders/greens_2.yaml +++ b/src/primaite/config/_package_data/scenario_with_placeholders/greens_2.yaml @@ -1,12 +1,11 @@ -greens: &greens - - ref: green_C +agents: &greens + - ref: green_B team: GREEN type: ProbabilisticAgent agent_settings: action_probabilities: - 0: 0.3 - 1: 0.6 - 2: 0.1 + 0: 0.95 + 1: 0.05 observation_space: null action_space: action_list: @@ -14,14 +13,9 @@ greens: &greens - type: NODE_APPLICATION_EXECUTE options: nodes: - - node_name: client_2 + - node_name: client applications: - - application_name: WebBrowser - application_name: DatabaseClient - max_folders_per_node: 1 - max_files_per_folder: 1 - max_services_per_node: 1 - max_applications_per_node: 2 action_map: 0: action: DONOTHING @@ -31,19 +25,10 @@ greens: &greens options: node_id: 0 application_id: 0 - 2: - action: NODE_APPLICATION_EXECUTE - options: - node_id: 0 - application_id: 1 reward_function: reward_components: - - type: WEBPAGE_UNAVAILABLE_PENALTY - weight: 0.25 - options: - node_hostname: client_2 - type: GREEN_ADMIN_DATABASE_UNREACHABLE_PENALTY - weight: 0.05 + weight: 1.0 options: - node_hostname: client_2 + node_hostname: client diff --git a/src/primaite/config/_package_data/scenario_with_placeholders/reds_0.yaml b/src/primaite/config/_package_data/scenario_with_placeholders/reds_0.yaml new file mode 100644 index 00000000..878aba97 --- /dev/null +++ b/src/primaite/config/_package_data/scenario_with_placeholders/reds_0.yaml @@ -0,0 +1,2 @@ +# No red agents present +reds: &reds [] diff --git a/src/primaite/config/_package_data/scenario_with_placeholders/reds_1.yaml b/src/primaite/config/_package_data/scenario_with_placeholders/reds_1.yaml index 9019f6c6..31675a0b 100644 --- a/src/primaite/config/_package_data/scenario_with_placeholders/reds_1.yaml +++ b/src/primaite/config/_package_data/scenario_with_placeholders/reds_1.yaml @@ -11,22 +11,16 @@ reds: &reds - type: NODE_APPLICATION_EXECUTE options: nodes: - - node_name: client_1 + - node_name: client applications: - application_name: DataManipulationBot - - node_name: client_2 - applications: - - application_name: DataManipulationBot - max_folders_per_node: 1 - max_files_per_folder: 1 - max_services_per_node: 1 reward_function: reward_components: - type: DUMMY - agent_settings: # options specific to this particular agent type, basically args of __init__(self) + agent_settings: start_settings: - start_step: 25 - frequency: 20 - variance: 5 + start_step: 10 + frequency: 10 + variance: 0 diff --git a/src/primaite/config/_package_data/scenario_with_placeholders/reds_2.yaml b/src/primaite/config/_package_data/scenario_with_placeholders/reds_2.yaml index c3304e17..c5572b89 100644 --- a/src/primaite/config/_package_data/scenario_with_placeholders/reds_2.yaml +++ b/src/primaite/config/_package_data/scenario_with_placeholders/reds_2.yaml @@ -11,22 +11,16 @@ reds: &reds - type: NODE_APPLICATION_EXECUTE options: nodes: - - node_name: client_1 + - node_name: client applications: - application_name: DataManipulationBot - - node_name: client_2 - applications: - - application_name: DataManipulationBot - max_folders_per_node: 1 - max_files_per_folder: 1 - max_services_per_node: 1 reward_function: reward_components: - type: DUMMY - agent_settings: # options specific to this particular agent type, basically args of __init__(self) + agent_settings: start_settings: - start_step: 10 - frequency: 4 + start_step: 3 + frequency: 2 variance: 1 diff --git a/src/primaite/config/_package_data/scenario_with_placeholders/scenario.yaml b/src/primaite/config/_package_data/scenario_with_placeholders/scenario.yaml index b3d47f78..81848b2d 100644 --- a/src/primaite/config/_package_data/scenario_with_placeholders/scenario.yaml +++ b/src/primaite/config/_package_data/scenario_with_placeholders/scenario.yaml @@ -34,551 +34,86 @@ agents: - type: NODES label: NODES options: + routers: [] hosts: - - hostname: domain_controller - - hostname: web_server - services: - - service_name: WebServer - - hostname: database_server - folders: - - folder_name: database - files: - - file_name: database.db - - hostname: backup_server - - hostname: security_suite - - hostname: client_1 - - hostname: client_2 + - hostname: client + - hostname: server num_services: 1 - num_applications: 0 + num_applications: 1 num_folders: 1 num_files: 1 - num_nics: 2 + num_nics: 1 include_num_access: false include_nmne: true - routers: - - hostname: router_1 - num_ports: 0 - ip_list: - - 192.168.1.10 - - 192.168.1.12 - - 192.168.1.14 - - 192.168.1.16 - - 192.168.1.110 - - 192.168.10.21 - - 192.168.10.22 - - 192.168.10.110 - wildcard_list: - - 0.0.0.1 - port_list: - - 80 - - 5432 - protocol_list: - - ICMP - - TCP - - UDP - num_rules: 10 - type: LINKS label: LINKS options: link_references: - - router_1:eth-1<->switch_1:eth-8 - - router_1:eth-2<->switch_2:eth-8 - - switch_1:eth-1<->domain_controller:eth-1 - - switch_1:eth-2<->web_server:eth-1 - - switch_1:eth-3<->database_server:eth-1 - - switch_1:eth-4<->backup_server:eth-1 - - switch_1:eth-7<->security_suite:eth-1 - - switch_2:eth-1<->client_1:eth-1 - - switch_2:eth-2<->client_2:eth-1 - - switch_2:eth-7<->security_suite:eth-2 - - type: "NONE" - label: ICS - options: {} + - client:eth-1<->switch_1:eth-1 + - server:eth-1<->switch_1:eth-2 + action_space: action_list: - type: DONOTHING - - type: NODE_SERVICE_SCAN - - type: NODE_SERVICE_STOP - - type: NODE_SERVICE_START - - type: NODE_SERVICE_PAUSE - - type: NODE_SERVICE_RESUME - - type: NODE_SERVICE_RESTART - - type: NODE_SERVICE_DISABLE - - type: NODE_SERVICE_ENABLE - - type: NODE_SERVICE_FIX - - type: NODE_FILE_SCAN - - type: NODE_FILE_CHECKHASH - - type: NODE_FILE_DELETE - - type: NODE_FILE_REPAIR - - type: NODE_FILE_RESTORE - - type: NODE_FOLDER_SCAN - - type: NODE_FOLDER_CHECKHASH - - type: NODE_FOLDER_REPAIR - - type: NODE_FOLDER_RESTORE - - type: NODE_OS_SCAN - type: NODE_SHUTDOWN - type: NODE_STARTUP - - type: NODE_RESET - - type: ROUTER_ACL_ADDRULE - - type: ROUTER_ACL_REMOVERULE - type: HOST_NIC_ENABLE - type: HOST_NIC_DISABLE - action_map: - 0: - action: DONOTHING - options: {} - # scan webapp service - 1: - action: NODE_SERVICE_SCAN - options: - node_id: 1 - service_id: 0 - # stop webapp service - 2: - action: NODE_SERVICE_STOP - options: - node_id: 1 - service_id: 0 - # start webapp service - 3: - action: "NODE_SERVICE_START" - options: - node_id: 1 - service_id: 0 - 4: - action: "NODE_SERVICE_PAUSE" - options: - node_id: 1 - service_id: 0 - 5: - action: "NODE_SERVICE_RESUME" - options: - node_id: 1 - service_id: 0 - 6: - action: "NODE_SERVICE_RESTART" - options: - node_id: 1 - service_id: 0 - 7: - action: "NODE_SERVICE_DISABLE" - options: - node_id: 1 - service_id: 0 - 8: - action: "NODE_SERVICE_ENABLE" - options: - node_id: 1 - service_id: 0 - 9: # check database.db file - action: "NODE_FILE_SCAN" - options: - node_id: 2 - folder_id: 0 - file_id: 0 - 10: - action: "NODE_FILE_SCAN" # CHECKHASH replaced by SCAN - but the behaviour is the same in this context. - options: - node_id: 2 - folder_id: 0 - file_id: 0 - 11: - action: "NODE_FILE_DELETE" - options: - node_id: 2 - folder_id: 0 - file_id: 0 - 12: - action: "NODE_FILE_REPAIR" - options: - node_id: 2 - folder_id: 0 - file_id: 0 - 13: - action: "NODE_SERVICE_FIX" - options: - node_id: 2 - service_id: 0 - 14: - action: "NODE_FOLDER_SCAN" - options: - node_id: 2 - folder_id: 0 - 15: - action: "NODE_FOLDER_SCAN" # CHECKHASH replaced by SCAN - but the behaviour is the same in this context. - options: - node_id: 2 - folder_id: 0 - 16: - action: "NODE_FOLDER_REPAIR" - options: - node_id: 2 - folder_id: 0 - 17: - action: "NODE_FOLDER_RESTORE" - options: - node_id: 2 - folder_id: 0 - 18: - action: "NODE_OS_SCAN" - options: - node_id: 0 - 19: - action: "NODE_SHUTDOWN" - options: - node_id: 0 - 20: - action: NODE_STARTUP - options: - node_id: 0 - 21: - action: NODE_RESET - options: - node_id: 0 - 22: - action: "NODE_OS_SCAN" - options: - node_id: 1 - 23: - action: "NODE_SHUTDOWN" - options: - node_id: 1 - 24: - action: NODE_STARTUP - options: - node_id: 1 - 25: - action: NODE_RESET - options: - node_id: 1 - 26: # old action num: 18 - action: "NODE_OS_SCAN" - options: - node_id: 2 - 27: - action: "NODE_SHUTDOWN" - options: - node_id: 2 - 28: - action: NODE_STARTUP - options: - node_id: 2 - 29: - action: NODE_RESET - options: - node_id: 2 - 30: - action: "NODE_OS_SCAN" - options: - node_id: 3 - 31: - action: "NODE_SHUTDOWN" - options: - node_id: 3 - 32: - action: NODE_STARTUP - options: - node_id: 3 - 33: - action: NODE_RESET - options: - node_id: 3 - 34: - action: "NODE_OS_SCAN" - options: - node_id: 4 - 35: - action: "NODE_SHUTDOWN" - options: - node_id: 4 - 36: - action: NODE_STARTUP - options: - node_id: 4 - 37: - action: NODE_RESET - options: - node_id: 4 - 38: - action: "NODE_OS_SCAN" - options: - node_id: 5 - 39: # old action num: 19 # shutdown client 1 - action: "NODE_SHUTDOWN" - options: - node_id: 5 - 40: # old action num: 20 - action: NODE_STARTUP - options: - node_id: 5 - 41: # old action num: 21 - action: NODE_RESET - options: - node_id: 5 - 42: - action: "NODE_OS_SCAN" - options: - node_id: 6 - 43: - action: "NODE_SHUTDOWN" - options: - node_id: 6 - 44: - action: NODE_STARTUP - options: - node_id: 6 - 45: - action: NODE_RESET - options: - node_id: 6 - - 46: # old action num: 22 # "ACL: ADDRULE - Block outgoing traffic from client 1" - action: "ROUTER_ACL_ADDRULE" - options: - target_router_nodename: router_1 - position: 1 - permission: 2 - source_ip_id: 7 # client 1 - dest_ip_id: 1 # ALL - source_port_id: 1 - dest_port_id: 1 - protocol_id: 1 - source_wildcard_id: 0 - dest_wildcard_id: 0 - 47: # old action num: 23 # "ACL: ADDRULE - Block outgoing traffic from client 2" - action: "ROUTER_ACL_ADDRULE" - options: - target_router_nodename: router_1 - position: 2 - permission: 2 - source_ip_id: 8 # client 2 - dest_ip_id: 1 # ALL - source_port_id: 1 - dest_port_id: 1 - protocol_id: 1 - source_wildcard_id: 0 - dest_wildcard_id: 0 - 48: # old action num: 24 # block tcp traffic from client 1 to web app - action: "ROUTER_ACL_ADDRULE" - options: - target_router_nodename: router_1 - position: 3 - permission: 2 - source_ip_id: 7 # client 1 - dest_ip_id: 3 # web server - source_port_id: 1 - dest_port_id: 1 - protocol_id: 3 - source_wildcard_id: 0 - dest_wildcard_id: 0 - 49: # old action num: 25 # block tcp traffic from client 2 to web app - action: "ROUTER_ACL_ADDRULE" - options: - target_router_nodename: router_1 - position: 4 - permission: 2 - source_ip_id: 8 # client 2 - dest_ip_id: 3 # web server - source_port_id: 1 - dest_port_id: 1 - protocol_id: 3 - source_wildcard_id: 0 - dest_wildcard_id: 0 - 50: # old action num: 26 - action: "ROUTER_ACL_ADDRULE" - options: - target_router_nodename: router_1 - position: 5 - permission: 2 - source_ip_id: 7 # client 1 - dest_ip_id: 4 # database - source_port_id: 1 - dest_port_id: 1 - protocol_id: 3 - source_wildcard_id: 0 - dest_wildcard_id: 0 - 51: # old action num: 27 - action: "ROUTER_ACL_ADDRULE" - options: - target_router_nodename: router_1 - position: 6 - permission: 2 - source_ip_id: 8 # client 2 - dest_ip_id: 4 # database - source_port_id: 1 - dest_port_id: 1 - protocol_id: 3 - source_wildcard_id: 0 - dest_wildcard_id: 0 - 52: # old action num: 28 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 0 - 53: # old action num: 29 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 1 - 54: # old action num: 30 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 2 - 55: # old action num: 31 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 3 - 56: # old action num: 32 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 4 - 57: # old action num: 33 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 5 - 58: # old action num: 34 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 6 - 59: # old action num: 35 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 7 - 60: # old action num: 36 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 8 - 61: # old action num: 37 - action: "ROUTER_ACL_REMOVERULE" - options: - target_router_nodename: router_1 - position: 9 - 62: # old action num: 38 - action: "HOST_NIC_DISABLE" - options: - node_id: 0 - nic_id: 0 - 63: # old action num: 39 - action: "HOST_NIC_ENABLE" - options: - node_id: 0 - nic_id: 0 - 64: # old action num: 40 - action: "HOST_NIC_DISABLE" - options: - node_id: 1 - nic_id: 0 - 65: # old action num: 41 - action: "HOST_NIC_ENABLE" - options: - node_id: 1 - nic_id: 0 - 66: # old action num: 42 - action: "HOST_NIC_DISABLE" - options: - node_id: 2 - nic_id: 0 - 67: # old action num: 43 - action: "HOST_NIC_ENABLE" - options: - node_id: 2 - nic_id: 0 - 68: # old action num: 44 - action: "HOST_NIC_DISABLE" - options: - node_id: 3 - nic_id: 0 - 69: # old action num: 45 - action: "HOST_NIC_ENABLE" - options: - node_id: 3 - nic_id: 0 - 70: # old action num: 46 - action: "HOST_NIC_DISABLE" - options: - node_id: 4 - nic_id: 0 - 71: # old action num: 47 - action: "HOST_NIC_ENABLE" - options: - node_id: 4 - nic_id: 0 - 72: # old action num: 48 - action: "HOST_NIC_DISABLE" - options: - node_id: 4 - nic_id: 1 - 73: # old action num: 49 - action: "HOST_NIC_ENABLE" - options: - node_id: 4 - nic_id: 1 - 74: # old action num: 50 - action: "HOST_NIC_DISABLE" - options: - node_id: 5 - nic_id: 0 - 75: # old action num: 51 - action: "HOST_NIC_ENABLE" - options: - node_id: 5 - nic_id: 0 - 76: # old action num: 52 - action: "HOST_NIC_DISABLE" - options: - node_id: 6 - nic_id: 0 - 77: # old action num: 53 - action: "HOST_NIC_ENABLE" - options: - node_id: 6 - nic_id: 0 - - - + 0: + action: DONOTHING + options: {} + 1: + action: NODE_SHUTDOWN + options: + node_id: 0 + 2: + action: NODE_SHUTDOWN + options: + node_id: 1 + 3: + action: NODE_STARTUP + options: + node_id: 0 + 4: + action: NODE_STARTUP + options: + node_id: 1 + 5: + action: HOST_NIC_DISABLE + options: + node_id: 0 + nic_id: 0 + 6: + action: HOST_NIC_DISABLE + options: + node_id: 1 + nic_id: 0 + 7: + action: HOST_NIC_ENABLE + options: + node_id: 0 + nic_id: 0 + 8: + action: HOST_NIC_ENABLE + options: + node_id: 1 + nic_id: 0 options: nodes: - - node_name: domain_controller - - node_name: web_server - applications: - - application_name: DatabaseClient - services: - - service_name: WebServer - - node_name: database_server - folders: - - folder_name: database - files: - - file_name: database.db - services: - - service_name: DatabaseService - - node_name: backup_server - - node_name: security_suite - - node_name: client_1 - - node_name: client_2 + - node_name: client + - node_name: server - max_folders_per_node: 2 - max_files_per_folder: 2 - max_services_per_node: 2 - max_nics_per_node: 8 - max_acl_rules: 10 + max_folders_per_node: 0 + max_files_per_folder: 0 + max_services_per_node: 0 + max_nics_per_node: 1 + max_acl_rules: 0 ip_list: - - 192.168.1.10 - - 192.168.1.12 - - 192.168.1.14 - - 192.168.1.16 - - 192.168.1.110 - - 192.168.10.21 - - 192.168.10.22 - - 192.168.10.110 + - 192.168.1.2 + - 192.168.1.3 + reward_function: reward_components: - type: DATABASE_FILE_INTEGRITY @@ -589,199 +124,45 @@ agents: file_name: database.db agent_settings: - flatten_obs: true + flatten_obs: false simulation: network: - nmne_config: - capture_nmne: true - nmne_capture_keywords: - - DELETE nodes: - - - hostname: router_1 - type: router - num_ports: 5 - ports: - 1: - ip_address: 192.168.1.1 - subnet_mask: 255.255.255.0 - 2: - ip_address: 192.168.10.1 - subnet_mask: 255.255.255.0 - acl: - 18: - action: PERMIT - src_port: POSTGRES_SERVER - dst_port: POSTGRES_SERVER - 19: - action: PERMIT - src_port: DNS - dst_port: DNS - 20: - action: PERMIT - src_port: FTP - dst_port: FTP - 21: - action: PERMIT - src_port: HTTP - dst_port: HTTP - 22: - action: PERMIT - src_port: ARP - dst_port: ARP - 23: - action: PERMIT - protocol: ICMP + - hostname: client + type: computer + ip_address: 192.168.1.2 + subnet_mask: 255.255.255.0 + default_gateway: 192.168.1.1 + applications: + - type: DatabaseClient + options: + db_server_ip: 192.168.1.3 + - type: DataManipulationBot + options: + server_ip: 192.168.1.3 + payload: "DELETE" - hostname: switch_1 type: switch - num_ports: 8 + num_ports: 2 - - hostname: switch_2 - type: switch - num_ports: 8 - - - hostname: domain_controller + - hostname: server type: server - ip_address: 192.168.1.10 + ip_address: 192.168.1.3 subnet_mask: 255.255.255.0 default_gateway: 192.168.1.1 services: - - type: DNSServer - options: - domain_mapping: - arcd.com: 192.168.1.12 # web server - - - hostname: web_server - type: server - ip_address: 192.168.1.12 - subnet_mask: 255.255.255.0 - default_gateway: 192.168.1.1 - dns_server: 192.168.1.10 - services: - - type: WebServer - applications: - - type: DatabaseClient - options: - db_server_ip: 192.168.1.14 - - - - hostname: database_server - type: server - ip_address: 192.168.1.14 - subnet_mask: 255.255.255.0 - default_gateway: 192.168.1.1 - dns_server: 192.168.1.10 - services: - - type: DatabaseService - options: - backup_server_ip: 192.168.1.16 - - type: FTPClient - - - hostname: backup_server - type: server - ip_address: 192.168.1.16 - subnet_mask: 255.255.255.0 - default_gateway: 192.168.1.1 - dns_server: 192.168.1.10 - services: - - type: FTPServer - - - hostname: security_suite - type: server - ip_address: 192.168.1.110 - subnet_mask: 255.255.255.0 - default_gateway: 192.168.1.1 - dns_server: 192.168.1.10 - network_interfaces: - 2: # unfortunately this number is currently meaningless, they're just added in order and take up the next available slot - ip_address: 192.168.10.110 - subnet_mask: 255.255.255.0 - - - hostname: client_1 - type: computer - ip_address: 192.168.10.21 - subnet_mask: 255.255.255.0 - default_gateway: 192.168.10.1 - dns_server: 192.168.1.10 - applications: - - type: DataManipulationBot - options: - port_scan_p_of_success: 0.8 - data_manipulation_p_of_success: 0.8 - payload: "DELETE" - server_ip: 192.168.1.14 - - type: WebBrowser - options: - target_url: http://arcd.com/users/ - - type: DatabaseClient - options: - db_server_ip: 192.168.1.14 - services: - - type: DNSClient - - - hostname: client_2 - type: computer - ip_address: 192.168.10.22 - subnet_mask: 255.255.255.0 - default_gateway: 192.168.10.1 - dns_server: 192.168.1.10 - applications: - - type: WebBrowser - options: - target_url: http://arcd.com/users/ - - type: DataManipulationBot - options: - port_scan_p_of_success: 0.8 - data_manipulation_p_of_success: 0.8 - payload: "DELETE" - server_ip: 192.168.1.14 - - type: DatabaseClient - options: - db_server_ip: 192.168.1.14 - services: - - type: DNSClient + - type: DatabaseService links: - - endpoint_a_hostname: router_1 + - endpoint_a_hostname: client endpoint_a_port: 1 endpoint_b_hostname: switch_1 - endpoint_b_port: 8 - - endpoint_a_hostname: router_1 - endpoint_a_port: 2 - endpoint_b_hostname: switch_2 - endpoint_b_port: 8 - - endpoint_a_hostname: switch_1 + endpoint_b_port: 1 + + - endpoint_a_hostname: server endpoint_a_port: 1 - endpoint_b_hostname: domain_controller - endpoint_b_port: 1 - - endpoint_a_hostname: switch_1 - endpoint_a_port: 2 - endpoint_b_hostname: web_server - endpoint_b_port: 1 - - endpoint_a_hostname: switch_1 - endpoint_a_port: 3 - endpoint_b_hostname: database_server - endpoint_b_port: 1 - - endpoint_a_hostname: switch_1 - endpoint_a_port: 4 - endpoint_b_hostname: backup_server - endpoint_b_port: 1 - - endpoint_a_hostname: switch_1 - endpoint_a_port: 7 - endpoint_b_hostname: security_suite - endpoint_b_port: 1 - - endpoint_a_hostname: switch_2 - endpoint_a_port: 1 - endpoint_b_hostname: client_1 - endpoint_b_port: 1 - - endpoint_a_hostname: switch_2 - endpoint_a_port: 2 - endpoint_b_hostname: client_2 - endpoint_b_port: 1 - - endpoint_a_hostname: switch_2 - endpoint_a_port: 7 - endpoint_b_hostname: security_suite + endpoint_b_hostname: switch_1 endpoint_b_port: 2 diff --git a/src/primaite/config/_package_data/scenario_with_placeholders/schedule.yaml b/src/primaite/config/_package_data/scenario_with_placeholders/schedule.yaml index 2d26eb31..07ee4e50 100644 --- a/src/primaite/config/_package_data/scenario_with_placeholders/schedule.yaml +++ b/src/primaite/config/_package_data/scenario_with_placeholders/schedule.yaml @@ -1,18 +1,14 @@ base_scenario: scenario.yaml schedule: 0: - - greens_1.yaml - - reds_1.yaml + - greens_0.yaml + - reds_0.yaml 1: - - greens_1.yaml - - reds_2.yaml + - greens_0.yaml + - reds_1.yaml 2: - - greens_2.yaml + - greens_1.yaml - reds_1.yaml 3: - greens_2.yaml - reds_2.yaml - -# touch base with container to see what they've implemented for training schedule and evaluation schedule - for naming convention consistency -# when you exceed the number of episodes defined in the yaml, raise a warning and loop back to the beginning -# provide minimal functionality for checking compatibility- but we will assume that the user will correctly specify the blue/red/green agents and environment. diff --git a/src/primaite/notebooks/Scenario-Placeholders.ipynb b/src/primaite/notebooks/Scenario-Placeholders.ipynb deleted file mode 100644 index 9de34a81..00000000 --- a/src/primaite/notebooks/Scenario-Placeholders.ipynb +++ /dev/null @@ -1,190 +0,0 @@ -{ - "cells": [ - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "import yaml\n", - "from pprint import pprint\n", - "from pathlib import Path\n", - "from typing import Sequence\n", - "from primaite.session.environment import PrimaiteGymEnv\n" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "froot = Path('/home/cade/repos/PrimAITE/src/primaite/config/_package_data/scenario_with_placeholders/')\n", - "sch = froot / 'schedule.yaml'\n", - "fp = froot / 'scenario.yaml'\n", - "fpr1 = froot / 'reds_1.yaml'\n", - "fpr2 = froot / 'reds_2.yaml'\n", - "fpg1 = froot / 'greens_1.yaml'\n", - "fpg2 = froot / 'greens_2.yaml'" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "\n", - "\n", - "\n", - "with open(sch,'r') as f:\n", - " schedule = yaml.safe_load(f)\n", - "\n", - "base_scenario_path = froot / schedule['base_scenario']\n", - "episodes = [v for n,v in schedule['schedule'].items()]\n", - "all_episode_paths = {x for ep in episodes for x in ep.values()}\n", - "episode_data = {fp:open(froot / fp, 'r').read() for fp in all_episode_paths}\n", - "base_scenario = open(base_scenario_path).read()\n", - "\n", - "def get_ep_config(ep_num):\n", - " episode = episodes[ep_num]\n", - " # print(episode.values())\n", - " parsed_cfg = yaml.safe_load('\\n'.join([episode_data[v] for v in episode.values()] + [base_scenario]))\n", - " flat_agents_list = []\n", - " for a in parsed_cfg['agents']:\n", - " if isinstance(a,Sequence):\n", - " flat_agents_list.extend(a)\n", - " else:\n", - " flat_agents_list.append(a)\n", - " parsed_cfg['agents'] = flat_agents_list\n", - " return parsed_cfg\n", - "\n", - "\n", - "pprint(len(get_ep_config(0)['agents']))\n", - "# pprint(get_ep_config(0)['agents'])\n", - "\n", - "# conf_data = open('test_data_1.yaml','r').read()\n", - "# variables = open('variables.yaml','r').read()\n", - "\n", - "# yaml.safe_load(f\"{variables}\\n{conf_data}\")\n", - "\n" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "gym = PrimaiteGymEnv(game_config=get_ep_config(0))\n", - "print(list(gym.game.agents.keys()))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "gym = PrimaiteGymEnv(game_config=get_ep_config(1))\n", - "print(list(gym.game.agents.keys()))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "gym = PrimaiteGymEnv(game_config=get_ep_config(2))\n", - "print(list(gym.game.agents.keys()))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "gym = PrimaiteGymEnv(game_config=get_ep_config(3))\n", - "print(list(gym.game.agents.keys()))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "from primaite.session.environment import PrimaiteGymEnv" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "env_2 = PrimaiteGymEnv(game_config='/home/cade/repos/PrimAITE/src/primaite/config/_package_data/scenario_with_placeholders')" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "for i in range(10):\n", - " print(env_2.episode_counter)\n", - " print(list(env_2.game.agents.keys()))\n", - " env_2.reset()" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "env = PrimaiteGymEnv(game_config='/home/cade/repos/PrimAITE/src/primaite/config/_package_data/data_manipulation.yaml')" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [ - "sum([[1,2],[3,4]])" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [] - } - ], - "metadata": { - "kernelspec": { - "display_name": "venv", - "language": "python", - "name": "python3" - }, - "language_info": { - "codemirror_mode": { - "name": "ipython", - "version": 3 - }, - "file_extension": ".py", - "mimetype": "text/x-python", - "name": "python", - "nbconvert_exporter": "python", - "pygments_lexer": "ipython3", - "version": "3.10.12" - } - }, - "nbformat": 4, - "nbformat_minor": 2 -} diff --git a/src/primaite/notebooks/Using-Episode-Schedules.ipynb b/src/primaite/notebooks/Using-Episode-Schedules.ipynb new file mode 100644 index 00000000..80e67065 --- /dev/null +++ b/src/primaite/notebooks/Using-Episode-Schedules.ipynb @@ -0,0 +1,372 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Using Episode Schedules\n", + "\n", + "PrimAITE supports the ability to use different variations on a scenario at different episodes. This can be used to increase \n", + "domain randomisation to prevent overfitting, or to set up curriculum learning to train agents to perform more complicated tasks.\n", + "\n", + "When using a fixed scenario, a single yaml config file is used. However, to use episode schedules, PrimAITE uses a \n", + "directory with several config files that work together." + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Defining variations in the config file.\n", + "\n", + "### Base scenario\n", + "The base scenario is essentially the same as a fixed yaml configuration, but it can contain placeholders that are \n", + "populated with different things at runtime each episode. The base scenario contains any network, agent, or settings that\n", + "remain fixed for the entire training/evaluation session.\n", + "\n", + "The placeholders are defined as YAML Aliases and they are denoted by an asterisk (`*placeholder`).\n", + "\n", + "### Variations\n", + "For each variation that could be used in a placeholder, there is a separate yaml file that contains the data that should populate the placeholder.\n", + "\n", + "The data that fills the placeholder is defined as a YAML Anchor in a separate file, denoted by an ampersand (`&anchor`).\n", + "\n", + "[Learn more about YAML Aliases and Anchors here.](https://www.educative.io/blog/advanced-yaml-syntax-cheatsheet#:~:text=YAML%20Anchors%20and%20Alias)\n", + "\n", + "### Schedule\n", + "Users must define which combination of scenario variations should be loaded in each episode. This takes the form of a\n", + "YAML file with a relative path to the base scenario and a list of paths to be loaded in during each episode.\n", + "\n", + "It takes the following format:\n", + "```yaml\n", + "base_scenario: base.yaml\n", + "schedule:\n", + " 0: # list of variations to load in at episode 0 (before the first call to env.reset() happens)\n", + " - laydown_1.yaml\n", + " - attack_1.yaml\n", + " 1: # list of variations to load in at episode 1 (after the first env.reset() call)\n", + " - laydown_2.yaml\n", + " - attack_2.yaml\n", + "```\n", + "\n" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Demonstration" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Run `primaite setup` to copy the example config files into the correct directory. Then, import and define config location." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "!primaite setup" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "import yaml\n", + "from primaite.session.environment import PrimaiteGymEnv\n", + "from primaite import PRIMAITE_PATHS\n", + "from prettytable import PrettyTable\n", + "scenario_path = PRIMAITE_PATHS.user_config_path / \"example_config/scenario_with_placeholders\"" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Base Scenario File\n", + "Let's view the contents of the base scenario file:\n", + "\n", + "It contains all the base settings that stay fixed throughout all episodes, including the `io_settings`, `game` settings, the network layout and the blue agent definition. There are two placeholders: `*greens` and `*reds`." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(scenario_path/\"scenario.yaml\") as f:\n", + " print(f.read())" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Schedule File\n", + "Let's view the contents of the schedule file:\n", + "\n", + "This file references the base scenario file and defines which variations should be loaded in at each episode. In this instance, there are four episodes, during the first episode `greens_0` and `reds_0` is used, during the second episode `greens_0` and `reds_1` is used, and so on." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(scenario_path/\"schedule.yaml\") as f:\n", + " print(f.read())" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Green Agent Variation Files\n", + "\n", + "There are three different variants of the green agent setup. In `greens_0`, there are no green agents, in `greens_1` there is a green agent that executes the database client application 80% of the time, and in `greens_2` there is a green agent that executes the database client application 5% of the time.\n", + "\n", + "(the difference between `greens_1` and `greens_2` is in the agent name and action probabilities)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(scenario_path/\"greens_0.yaml\") as f:\n", + " print(f.read())" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(scenario_path/\"greens_1.yaml\") as f:\n", + " print(f.read())" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(scenario_path/\"greens_2.yaml\") as f:\n", + " print(f.read())" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Red Agent Variation Files\n", + "\n", + "There are three different variants of the red agent setup. In `reds_0`, there are no red agents, in `reds_1` there is a red agent that executes every 20 steps, but in `reds_2` there is a red agent that executes every 2 steps." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(scenario_path/\"reds_0.yaml\") as f:\n", + " print(f.read())" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(scenario_path/\"reds_1.yaml\") as f:\n", + " print(f.read())" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "with open(scenario_path/\"reds_2.yaml\") as f:\n", + " print(f.read())" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Running the simulation" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Create the environment using the variable config." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "env = PrimaiteGymEnv(game_config=scenario_path)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Episode 0\n", + "Let' run the episodes to verify that the agents are changing as expected. In episode 0, there should be no green or red agents, just the defender blue agent." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "print(f\"Current episode number: {env.episode_counter}\")\n", + "print(f\"Agents present: {list(env.game.agents.keys())}\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Episode 1\n", + "When we reset the environment, it moves onto episode 1, where it will bring in reds_1 for red agent definition.\n" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "env.reset()\n", + "print(f\"Current episode number: {env.episode_counter}\")\n", + "print(f\"Agents present: {list(env.game.agents.keys())}\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Episode 2\n", + "When we reset the environment again, it moves onto episode 2, where it will bring in greens_1 and reds_1 for green and red agent definitions. Let's verify the agent names and that they take actions at the defined frequency.\n", + "\n", + "Most green actions will be `NODE_APPLICATION_EXECUTE` while red will `DONOTHING` except at steps 10 and 20." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "env.reset()\n", + "print(f\"Current episode number: {env.episode_counter}\")\n", + "print(f\"Agents present: {list(env.game.agents.keys())}\")\n", + "for i in range(21):\n", + " env.step(0)\n", + "\n", + "table = PrettyTable()\n", + "table.field_names = [\"step\", \"Green Action\", \"Red Action\"]\n", + "for i in range(21):\n", + " green_action = env.game.agents['green_A'].action_history[i].action\n", + " red_action = env.game.agents['red_A'].action_history[i].action\n", + " table.add_row([i, green_action, red_action])\n", + "print(table)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Episode 3\n", + "When we reset the environment again, it moves onto episode 3, where it will bring in greens_2 and reds_2 for green and red agent definitions. Let's verify the agent names and that they take actions at the defined frequency.\n", + "\n", + "Now, green will perform `NODE_APPLICATION_EXECUTE` only 5% of the time, while red will perform `NODE_APPLICATION_EXECUTE` more frequently than before." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "env.reset()\n", + "print(f\"Current episode number: {env.episode_counter}\")\n", + "print(f\"Agents present: {list(env.game.agents.keys())}\")\n", + "for i in range(21):\n", + " env.step(0)\n", + "\n", + "table = PrettyTable()\n", + "table.field_names = [\"step\", \"Green Action\", \"Red Action\"]\n", + "for i in range(21):\n", + " green_action = env.game.agents['green_B'].action_history[i].action\n", + " red_action = env.game.agents['red_B'].action_history[i].action\n", + " table.add_row([i, green_action, red_action])\n", + "print(table)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Further Episodes\n", + "\n", + "Since the schedule definition only goes up to episode 3, if we reset the environment again, we run out of episodes. The environment will simply loop back to the beginning, but it produces a warning message to make users aware that the episodes are being repeated." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "env.reset(); # semicolon suppresses jupyter outputting the observation space.\n" + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "venv", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.10.12" + } + }, + "nbformat": 4, + "nbformat_minor": 2 +} diff --git a/src/primaite/session/episode_schedule.py b/src/primaite/session/episode_schedule.py index 2245e2b5..c726dcff 100644 --- a/src/primaite/session/episode_schedule.py +++ b/src/primaite/session/episode_schedule.py @@ -1,18 +1,15 @@ import copy from abc import ABC, abstractmethod -from os import PathLike +from itertools import chain from pathlib import Path from typing import Dict, List, Mapping, Sequence, Union import pydantic +import yaml from primaite import getLogger _LOGGER = getLogger(__name__) -import warnings -from itertools import chain - -import yaml class EpisodeScheduler(pydantic.BaseModel, ABC): @@ -28,9 +25,7 @@ class EpisodeScheduler(pydantic.BaseModel, ABC): class ConstantEpisodeScheduler(EpisodeScheduler): - """ - The constant episode schedule simply provides the same game setup every time. - """ + """The constant episode schedule simply provides the same game setup every time.""" config: Dict @@ -40,7 +35,7 @@ class ConstantEpisodeScheduler(EpisodeScheduler): class EpisodeListScheduler(EpisodeScheduler): - """The episode list u""" + """Cycle through a list of different game setups for each episode.""" schedule: Mapping[int, List[str]] """Mapping from episode number to list of filenames""" @@ -56,9 +51,9 @@ class EpisodeListScheduler(EpisodeScheduler): When this happens, we loop back to the beginning, but a warning is raised. """ - # TODO: be careful about off-by-one errors with episode number- should it start at 0 or 1? def __call__(self, episode_num: int) -> Dict: - if episode_num > len(self.schedule): + """Return the config for the given episode number.""" + if episode_num >= len(self.schedule): if not self._exceeded_episode_list: self._exceeded_episode_list = True _LOGGER.warn(