From af4e71db9b4ae3739c155ed72dfe615031900d62 Mon Sep 17 00:00:00 2001 From: Chris McCarthy Date: Fri, 9 Jun 2023 13:11:14 +0100 Subject: [PATCH] #915 - Synced with dev to bring in changes from #898 --- docs/source/config.rst | 38 +-- src/primaite/__init__.py | 6 +- .../lay_down_config_1_DDOS_basic.yaml | 66 ++--- .../lay_down_config_2_DDOS_basic.yaml | 136 +++++------ .../lay_down_config_3_DOS_very_basic.yaml | 76 +++--- .../lay_down_config_5_data_manipulation.yaml | 229 +++++++++--------- src/primaite/environment/primaite_env.py | 67 ++--- .../config/box_obs_space_laydown_config.yaml | 24 +- ...ultidiscrete_obs_space_laydown_config.yaml | 24 +- ...ne_node_states_on_off_lay_down_config.yaml | 60 ++--- ..._space_fixed_blue_actions_main_config.yaml | 117 ++++----- .../single_action_space_lay_down_config.yaml | 25 +- .../single_action_space_main_config.yaml | 117 ++++----- tests/test_single_action_space.py | 29 ++- 14 files changed, 510 insertions(+), 504 deletions(-) diff --git a/docs/source/config.rst b/docs/source/config.rst index a03a5c8d..3c46be1d 100644 --- a/docs/source/config.rst +++ b/docs/source/config.rst @@ -296,15 +296,15 @@ The Lay Down Config The lay down config file consists of the following attributes: -* **itemType: PORTS** [int] +* **item_type: PORTS** [int] Provides a list of ports modelled in this session -* **itemType: SERVICES** [freetext] +* **item_type: SERVICES** [freetext] Provides a list of services modelled in this session -* **itemType: NODE** +* **item_type: NODE** Defines a node included in the system laydown being simulated. It should consist of the following attributes: @@ -323,7 +323,7 @@ The lay down config file consists of the following attributes: * **port** [int]: Integer value of the port related to this service, but must match one of the ports defined for the system in the ports list * **state** [enum]: The initial state of the service. Can be one of GOOD, PATCHING, COMPROMISED or OVERWHELMED -* **itemType: LINK** +* **item_type: LINK** Defines a link included in the system laydown being simulated. It should consist of the following attributes: @@ -333,53 +333,53 @@ The lay down config file consists of the following attributes: * **source** [int]: The ID of the source node * **destination** [int]: The ID of the destination node -* **itemType: GREEN_IER** +* **item_type: GREEN_IER** Defines a green agent Information Exchange Requirement (IER). It should consist of: * **id** [int]: Unique ID for this YAML item - * **startStep** [int]: The start step (in the episode) for this IER to begin - * **endStep** [int]: The end step (in the episode) for this IER to finish + * **start_step** [int]: The start step (in the episode) for this IER to begin + * **end_step** [int]: The end step (in the episode) for this IER to finish * **load** [int]: The load (in bits/s) for this IER to apply to links * **protocol** [freetext]: The protocol to apply to the links. This must match a value in the services list * **port** [int]: The port that the protocol is running on. This must match a value in the ports list * **source** [int]: The ID of the source node * **destination** [int]: The ID of the destination node - * **missionCriticality** [enum]: The mission criticality of this IER (with 5 being highest, 1 lowest) + * **mission_criticality** [enum]: The mission criticality of this IER (with 5 being highest, 1 lowest) -* **itemType: RED_IER** +* **item_type: RED_IER** Defines a red agent Information Exchange Requirement (IER). It should consist of: * **id** [int]: Unique ID for this YAML item - * **startStep** [int]: The start step (in the episode) for this IER to begin - * **endStep** [int]: The end step (in the episode) for this IER to finish + * **start_step** [int]: The start step (in the episode) for this IER to begin + * **end_step** [int]: The end step (in the episode) for this IER to finish * **load** [int]: The load (in bits/s) for this IER to apply to links * **protocol** [freetext]: The protocol to apply to the links. This must match a value in the services list * **port** [int]: The port that the protocol is running on. This must match a value in the ports list * **source** [int]: The ID of the source node * **destination** [int]: The ID of the destination node - * **missionCriticality** [enum]: Not currently used. Default to 0 + * **mission_criticality** [enum]: Not currently used. Default to 0 -* **itemType: GREEN_POL** +* **item_type: GREEN_POL** Defines a green agent pattern-of-life instruction. It should consist of: * **id** [int]: Unique ID for this YAML item - * **startStep** [int]: The start step (in the episode) for this PoL to begin - * **endStep** [int]: Not currently used. Default to same as start step + * **start_step** [int]: The start step (in the episode) for this PoL to begin + * **end_step** [int]: Not currently used. Default to same as start step * **nodeId** [int]: The ID of the node to apply the PoL to * **type** [enum]: The type of PoL to apply. Can be one of OPERATING, OS or SERVICE * **protocol** [freetext]: The protocol to be affected if SERVICE type is chosen. Must match a value in the services list * **state** [enuum]: The state to apply to the node (which represents the PoL change). Can be one of ON, OFF or RESETTING (for node state) or GOOD, PATCHING or COMPROMISED (for Software State) or GOOD, PATCHING, COMPROMISED or OVERWHELMED (for service state) -* **itemType: RED_POL** +* **item_type: RED_POL** Defines a red agent pattern-of-life instruction. It should consist of: * **id** [int]: Unique ID for this YAML item - * **startStep** [int]: The start step (in the episode) for this PoL to begin - * **endStep** [int]: Not currently used. Default to same as start step + * **start_step** [int]: The start step (in the episode) for this PoL to begin + * **end_step** [int]: Not currently used. Default to same as start step * **targetNodeId** [int]: The ID of the node to apply the PoL to * **initiator** [enum]: What initiates the PoL. Can be DIRECT, IER or SERVICE * **type** [enum]: The type of PoL to apply. Can be one of OPERATING, OS or SERVICE @@ -389,7 +389,7 @@ The lay down config file consists of the following attributes: * **sourceNodeService** [freetext]: The service on the source node to check (used for SERVICE initiator). Must match a value in the services list for this node * **sourceNodeServiceState** [enum]: The state of the source node service to check (used for SERVICE initiator). Can be one of GOOD, PATCHING, COMPROMISED or OVERWHELMED -* **itemType: ACL_RULE** +* **item_type: ACL_RULE** Defines an initial Access Control List (ACL) rule. It should consist of: diff --git a/src/primaite/__init__.py b/src/primaite/__init__.py index 4022f9b4..039e66c4 100644 --- a/src/primaite/__init__.py +++ b/src/primaite/__init__.py @@ -64,8 +64,8 @@ _FILE_HANDLER: Final[RotatingFileHandler] = RotatingFileHandler( backupCount=9, # Max 100MB of logs encoding="utf8", ) -_STREAM_HANDLER.setLevel(logging.INFO) -_FILE_HANDLER.setLevel(logging.INFO) +_STREAM_HANDLER.setLevel(logging.DEBUG) +_FILE_HANDLER.setLevel(logging.DEBUG) _LOG_FORMAT_STR: Final[ str @@ -88,7 +88,7 @@ def getLogger(name: str) -> Logger: logging config. """ logger = logging.getLogger(name) - logger.setLevel(logging.INFO) + logger.setLevel(logging.DEBUG) return logger diff --git a/src/primaite/config/_package_data/lay_down/lay_down_config_1_DDOS_basic.yaml b/src/primaite/config/_package_data/lay_down/lay_down_config_1_DDOS_basic.yaml index ada813f3..f7c1e372 100644 --- a/src/primaite/config/_package_data/lay_down/lay_down_config_1_DDOS_basic.yaml +++ b/src/primaite/config/_package_data/lay_down/lay_down_config_1_DDOS_basic.yaml @@ -1,14 +1,14 @@ -- itemType: ACTIONS +- item_type: ACTIONS type: NODE -- itemType: STEPS +- item_type: STEPS steps: 128 -- itemType: PORTS - portsList: +- item_type: PORTS + ports_list: - port: '80' -- itemType: SERVICES - serviceList: +- item_type: SERVICES + service_list: - name: TCP -- itemType: NODE +- item_type: NODE node_id: '1' name: PC1 node_class: SERVICE @@ -22,7 +22,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '2' name: SERVER node_class: SERVICE @@ -36,7 +36,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '3' name: PC2 node_class: SERVICE @@ -50,7 +50,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '4' name: SWITCH1 node_class: ACTIVE @@ -60,7 +60,7 @@ ip_address: 192.168.1.5 software_state: GOOD file_system_state: GOOD -- itemType: NODE +- item_type: NODE node_id: '5' name: SWITCH2 node_class: ACTIVE @@ -70,7 +70,7 @@ ip_address: 192.168.1.6 software_state: GOOD file_system_state: GOOD -- itemType: NODE +- item_type: NODE node_id: '6' name: SWITCH3 node_class: ACTIVE @@ -80,56 +80,56 @@ ip_address: 192.168.1.7 software_state: GOOD file_system_state: GOOD -- itemType: LINK +- item_type: LINK id: '7' name: link1 bandwidth: 1000000000 source: '1' destination: '4' -- itemType: LINK +- item_type: LINK id: '8' name: link2 bandwidth: 1000000000 source: '4' destination: '2' -- itemType: LINK +- item_type: LINK id: '9' name: link3 bandwidth: 1000000000 source: '2' destination: '5' -- itemType: LINK +- item_type: LINK id: '10' name: link4 bandwidth: 1000000000 source: '2' destination: '6' -- itemType: LINK +- item_type: LINK id: '11' name: link5 bandwidth: 1000000000 source: '5' destination: '3' -- itemType: LINK +- item_type: LINK id: '12' name: link6 bandwidth: 1000000000 source: '6' destination: '3' -- itemType: GREEN_IER +- item_type: GREEN_IER id: '13' - startStep: 1 - endStep: 128 + start_step: 1 + end_step: 128 load: 100000 protocol: TCP port: '80' source: '3' destination: '2' - missionCriticality: 5 -- itemType: RED_POL + mission_criticality: 5 +- item_type: RED_POL id: '14' - startStep: 50 - endStep: 50 + start_step: 50 + end_step: 50 targetNodeId: '1' initiator: DIRECT type: SERVICE @@ -138,20 +138,20 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_IER +- item_type: RED_IER id: '15' - startStep: 60 - endStep: 100 + start_step: 60 + end_step: 100 load: 1000000 protocol: TCP port: '80' source: '1' destination: '2' - missionCriticality: 0 -- itemType: RED_POL + mission_criticality: 0 +- item_type: RED_POL id: '16' - startStep: 80 - endStep: 80 + start_step: 80 + end_step: 80 targetNodeId: '2' initiator: IER type: SERVICE @@ -160,7 +160,7 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: ACL_RULE +- item_type: ACL_RULE id: '17' permission: ALLOW source: ANY diff --git a/src/primaite/config/_package_data/lay_down/lay_down_config_2_DDOS_basic.yaml b/src/primaite/config/_package_data/lay_down/lay_down_config_2_DDOS_basic.yaml index 425fe013..e4a3385d 100644 --- a/src/primaite/config/_package_data/lay_down/lay_down_config_2_DDOS_basic.yaml +++ b/src/primaite/config/_package_data/lay_down/lay_down_config_2_DDOS_basic.yaml @@ -1,14 +1,14 @@ -- itemType: ACTIONS +- item_type: ACTIONS type: NODE -- itemType: STEPS +- item_type: STEPS steps: 128 -- itemType: PORTS - portsList: +- item_type: PORTS + ports_list: - port: '80' -- itemType: SERVICES - serviceList: +- item_type: SERVICES + service_list: - name: TCP -- itemType: NODE +- item_type: NODE node_id: '1' name: PC1 node_class: SERVICE @@ -22,7 +22,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '2' name: PC2 node_class: SERVICE @@ -36,7 +36,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '3' name: PC3 node_class: SERVICE @@ -50,7 +50,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '4' name: PC4 node_class: SERVICE @@ -64,7 +64,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '5' name: SWITCH1 node_class: ACTIVE @@ -74,7 +74,7 @@ ip_address: 192.168.1.2 software_state: GOOD file_system_state: GOOD -- itemType: NODE +- item_type: NODE node_id: '6' name: IDS node_class: SERVICE @@ -88,7 +88,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '7' name: SWITCH2 node_class: ACTIVE @@ -98,7 +98,7 @@ ip_address: 192.168.1.3 software_state: GOOD file_system_state: GOOD -- itemType: NODE +- item_type: NODE node_id: '8' name: LOP1 node_class: SERVICE @@ -112,7 +112,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '9' name: SERVER1 node_class: SERVICE @@ -126,7 +126,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '10' name: SERVER2 node_class: SERVICE @@ -140,173 +140,173 @@ - name: TCP port: '80' state: GOOD -- itemType: LINK +- item_type: LINK id: '11' name: link1 bandwidth: 1000000000 source: '1' destination: '5' -- itemType: LINK +- item_type: LINK id: '12' name: link2 bandwidth: 1000000000 source: '2' destination: '5' -- itemType: LINK +- item_type: LINK id: '13' name: link3 bandwidth: 1000000000 source: '3' destination: '5' -- itemType: LINK +- item_type: LINK id: '14' name: link4 bandwidth: 1000000000 source: '4' destination: '5' -- itemType: LINK +- item_type: LINK id: '15' name: link5 bandwidth: 1000000000 source: '5' destination: '6' -- itemType: LINK +- item_type: LINK id: '16' name: link6 bandwidth: 1000000000 source: '5' destination: '8' -- itemType: LINK +- item_type: LINK id: '17' name: link7 bandwidth: 1000000000 source: '6' destination: '7' -- itemType: LINK +- item_type: LINK id: '18' name: link8 bandwidth: 1000000000 source: '8' destination: '7' -- itemType: LINK +- item_type: LINK id: '19' name: link9 bandwidth: 1000000000 source: '7' destination: '9' -- itemType: LINK +- item_type: LINK id: '20' name: link10 bandwidth: 1000000000 source: '7' destination: '10' -- itemType: GREEN_IER +- item_type: GREEN_IER id: '21' - startStep: 1 - endStep: 128 + start_step: 1 + end_step: 128 load: 100000 protocol: TCP port: '80' source: '1' destination: '9' - missionCriticality: 2 -- itemType: GREEN_IER + mission_criticality: 2 +- item_type: GREEN_IER id: '22' - startStep: 1 - endStep: 128 + start_step: 1 + end_step: 128 load: 100000 protocol: TCP port: '80' source: '2' destination: '9' - missionCriticality: 2 -- itemType: GREEN_IER + mission_criticality: 2 +- item_type: GREEN_IER id: '23' - startStep: 1 - endStep: 128 + start_step: 1 + end_step: 128 load: 100000 protocol: TCP port: '80' source: '9' destination: '3' - missionCriticality: 5 -- itemType: GREEN_IER + mission_criticality: 5 +- item_type: GREEN_IER id: '24' - startStep: 1 - endStep: 128 + start_step: 1 + end_step: 128 load: 100000 protocol: TCP port: '80' source: '4' destination: '10' - missionCriticality: 2 -- itemType: ACL_RULE + mission_criticality: 2 +- item_type: ACL_RULE id: '25' permission: ALLOW source: 192.168.10.11 destination: 192.168.10.14 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '26' permission: ALLOW source: 192.168.10.12 destination: 192.168.10.14 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '27' permission: ALLOW source: 192.168.10.13 destination: 192.168.10.14 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '28' permission: ALLOW source: 192.168.20.14 destination: 192.168.20.15 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '29' permission: ALLOW source: 192.168.10.14 destination: 192.168.10.13 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '30' permission: DENY source: 192.168.10.11 destination: 192.168.20.15 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '31' permission: DENY source: 192.168.10.12 destination: 192.168.20.15 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '32' permission: DENY source: 192.168.10.13 destination: 192.168.20.15 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '33' permission: DENY source: 192.168.20.14 destination: 192.168.10.14 protocol: TCP port: 80 -- itemType: RED_POL +- item_type: RED_POL id: '34' - startStep: 20 - endStep: 20 + start_step: 20 + end_step: 20 targetNodeId: '1' initiator: DIRECT type: SERVICE @@ -315,10 +315,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '35' - startStep: 20 - endStep: 20 + start_step: 20 + end_step: 20 targetNodeId: '2' initiator: DIRECT type: SERVICE @@ -327,30 +327,30 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_IER +- item_type: RED_IER id: '36' - startStep: 30 - endStep: 128 + start_step: 30 + end_step: 128 load: 440000000 protocol: TCP port: '80' source: '1' destination: '9' - missionCriticality: 0 -- itemType: RED_IER + mission_criticality: 0 +- item_type: RED_IER id: '37' - startStep: 30 - endStep: 128 + start_step: 30 + end_step: 128 load: 440000000 protocol: TCP port: '80' source: '2' destination: '9' - missionCriticality: 0 -- itemType: RED_POL + mission_criticality: 0 +- item_type: RED_POL id: '38' - startStep: 30 - endStep: 30 + start_step: 30 + end_step: 30 targetNodeId: '9' initiator: IER type: SERVICE diff --git a/src/primaite/config/_package_data/lay_down/lay_down_config_3_DOS_very_basic.yaml b/src/primaite/config/_package_data/lay_down/lay_down_config_3_DOS_very_basic.yaml index 8c9b84a6..9f37a6f0 100644 --- a/src/primaite/config/_package_data/lay_down/lay_down_config_3_DOS_very_basic.yaml +++ b/src/primaite/config/_package_data/lay_down/lay_down_config_3_DOS_very_basic.yaml @@ -1,14 +1,14 @@ -- itemType: ACTIONS +- item_type: ACTIONS type: NODE -- itemType: STEPS +- item_type: STEPS steps: 256 -- itemType: PORTS - portsList: +- item_type: PORTS + ports_list: - port: '80' -- itemType: SERVICES - serviceList: +- item_type: SERVICES + service_list: - name: TCP -- itemType: NODE +- item_type: NODE node_id: '1' name: PC1 node_class: SERVICE @@ -22,7 +22,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '2' name: PC2 node_class: SERVICE @@ -36,7 +36,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '3' name: SWITCH1 node_class: ACTIVE @@ -46,7 +46,7 @@ ip_address: 192.168.1.1 software_state: GOOD file_system_state: GOOD -- itemType: NODE +- item_type: NODE node_id: '4' name: SERVER1 node_class: SERVICE @@ -60,79 +60,79 @@ - name: TCP port: '80' state: GOOD -- itemType: LINK +- item_type: LINK id: '5' name: link1 bandwidth: 1000000000 source: '1' destination: '3' -- itemType: LINK +- item_type: LINK id: '6' name: link2 bandwidth: 1000000000 source: '2' destination: '3' -- itemType: LINK +- item_type: LINK id: '7' name: link3 bandwidth: 1000000000 source: '3' destination: '4' -- itemType: GREEN_IER +- item_type: GREEN_IER id: '8' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 10000 protocol: TCP port: '80' source: '1' destination: '4' - missionCriticality: 1 -- itemType: GREEN_IER + mission_criticality: 1 +- item_type: GREEN_IER id: '9' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 10000 protocol: TCP port: '80' source: '2' destination: '4' - missionCriticality: 1 -- itemType: GREEN_IER + mission_criticality: 1 +- item_type: GREEN_IER id: '10' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 10000 protocol: TCP port: '80' source: '4' destination: '2' - missionCriticality: 5 -- itemType: ACL_RULE + mission_criticality: 5 +- item_type: ACL_RULE id: '11' permission: ALLOW source: 192.168.1.2 destination: 192.168.1.4 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '12' permission: ALLOW source: 192.168.1.3 destination: 192.168.1.4 protocol: TCP port: 80 -- itemType: ACL_RULE +- item_type: ACL_RULE id: '13' permission: ALLOW source: 192.168.1.4 destination: 192.168.1.3 protocol: TCP port: 80 -- itemType: RED_POL +- item_type: RED_POL id: '14' - startStep: 20 - endStep: 20 + start_step: 20 + end_step: 20 targetNodeId: '1' initiator: DIRECT type: SERVICE @@ -141,20 +141,20 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_IER +- item_type: RED_IER id: '15' - startStep: 30 - endStep: 256 + start_step: 30 + end_step: 256 load: 10000000 protocol: TCP port: '80' source: '1' destination: '4' - missionCriticality: 0 -- itemType: RED_POL + mission_criticality: 0 +- item_type: RED_POL id: '16' - startStep: 40 - endStep: 40 + start_step: 40 + end_step: 40 targetNodeId: '4' initiator: IER type: SERVICE diff --git a/src/primaite/config/_package_data/lay_down/lay_down_config_5_data_manipulation.yaml b/src/primaite/config/_package_data/lay_down/lay_down_config_5_data_manipulation.yaml index 1316ccd1..75ab72cf 100644 --- a/src/primaite/config/_package_data/lay_down/lay_down_config_5_data_manipulation.yaml +++ b/src/primaite/config/_package_data/lay_down/lay_down_config_5_data_manipulation.yaml @@ -1,15 +1,14 @@ - -- itemType: PORTS - portsList: +- item_type: PORTS + ports_list: - port: '80' - port: '1433' - port: '53' -- itemType: SERVICES - serviceList: +- item_type: SERVICES + service_list: - name: TCP - name: TCP_SQL - name: UDP -- itemType: NODE +- item_type: NODE node_id: '1' name: CLIENT_1 node_class: SERVICE @@ -26,7 +25,7 @@ - name: UDP port: '53' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '2' name: CLIENT_2 node_class: SERVICE @@ -40,7 +39,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '3' name: SWITCH_1 node_class: ACTIVE @@ -50,7 +49,7 @@ ip_address: 192.168.10.1 software_state: GOOD file_system_state: GOOD -- itemType: NODE +- item_type: NODE node_id: '4' name: SECURITY_SUITE node_class: SERVICE @@ -67,7 +66,7 @@ - name: UDP port: '53' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '5' name: MANAGEMENT_CONSOLE node_class: SERVICE @@ -84,7 +83,7 @@ - name: UDP port: '53' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '6' name: SWITCH_2 node_class: ACTIVE @@ -94,7 +93,7 @@ ip_address: 192.168.2.1 software_state: GOOD file_system_state: GOOD -- itemType: NODE +- item_type: NODE node_id: '7' name: WEB_SERVER node_class: SERVICE @@ -111,7 +110,7 @@ - name: TCP_SQL port: '1433' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '8' name: DATABASE_SERVER node_class: SERVICE @@ -131,7 +130,7 @@ - name: UDP port: '53' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '9' name: BACKUP_SERVER node_class: SERVICE @@ -145,323 +144,323 @@ - name: TCP port: '80' state: GOOD -- itemType: LINK +- item_type: LINK id: '10' name: LINK_1 bandwidth: 1000000000 source: '1' destination: '3' -- itemType: LINK +- item_type: LINK id: '11' name: LINK_2 bandwidth: 1000000000 source: '2' destination: '3' -- itemType: LINK +- item_type: LINK id: '12' name: LINK_3 bandwidth: 1000000000 source: '3' destination: '4' -- itemType: LINK +- item_type: LINK id: '13' name: LINK_4 bandwidth: 1000000000 source: '3' destination: '5' -- itemType: LINK +- item_type: LINK id: '14' name: LINK_5 bandwidth: 1000000000 source: '4' destination: '6' -- itemType: LINK +- item_type: LINK id: '15' name: LINK_6 bandwidth: 1000000000 source: '5' destination: '6' -- itemType: LINK +- item_type: LINK id: '16' name: LINK_7 bandwidth: 1000000000 source: '6' destination: '7' -- itemType: LINK +- item_type: LINK id: '17' name: LINK_8 bandwidth: 1000000000 source: '6' destination: '8' -- itemType: LINK +- item_type: LINK id: '18' name: LINK_9 bandwidth: 1000000000 source: '6' destination: '9' -- itemType: GREEN_IER +- item_type: GREEN_IER id: '19' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 10000 protocol: TCP port: '80' source: '1' destination: '7' - missionCriticality: 5 -- itemType: GREEN_IER + mission_criticality: 5 +- item_type: GREEN_IER id: '20' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 10000 protocol: TCP port: '80' source: '7' destination: '1' - missionCriticality: 5 -- itemType: GREEN_IER + mission_criticality: 5 +- item_type: GREEN_IER id: '21' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 10000 protocol: TCP port: '80' source: '2' destination: '7' - missionCriticality: 5 -- itemType: GREEN_IER + mission_criticality: 5 +- item_type: GREEN_IER id: '22' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 10000 protocol: TCP port: '80' source: '7' destination: '2' - missionCriticality: 5 -- itemType: GREEN_IER + mission_criticality: 5 +- item_type: GREEN_IER id: '23' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 5000 protocol: TCP_SQL port: '1433' source: '7' destination: '8' - missionCriticality: 5 -- itemType: GREEN_IER + mission_criticality: 5 +- item_type: GREEN_IER id: '24' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 100000 protocol: TCP_SQL port: '1433' source: '8' destination: '7' - missionCriticality: 5 -- itemType: GREEN_IER + mission_criticality: 5 +- item_type: GREEN_IER id: '25' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 50000 protocol: TCP port: '80' source: '1' destination: '9' - missionCriticality: 2 -- itemType: GREEN_IER + mission_criticality: 2 +- item_type: GREEN_IER id: '26' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 50000 protocol: TCP port: '80' source: '2' destination: '9' - missionCriticality: 2 -- itemType: GREEN_IER + mission_criticality: 2 +- item_type: GREEN_IER id: '27' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 5000 protocol: TCP port: '80' source: '5' destination: '7' - missionCriticality: 1 -- itemType: GREEN_IER + mission_criticality: 1 +- item_type: GREEN_IER id: '28' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 5000 protocol: TCP port: '80' source: '7' destination: '5' - missionCriticality: 1 -- itemType: GREEN_IER + mission_criticality: 1 +- item_type: GREEN_IER id: '29' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 5000 protocol: TCP port: '80' source: '5' destination: '8' - missionCriticality: 1 -- itemType: GREEN_IER + mission_criticality: 1 +- item_type: GREEN_IER id: '30' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 5000 protocol: TCP port: '80' source: '8' destination: '5' - missionCriticality: 1 -- itemType: GREEN_IER + mission_criticality: 1 +- item_type: GREEN_IER id: '31' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 5000 protocol: TCP port: '80' source: '5' destination: '9' - missionCriticality: 1 -- itemType: GREEN_IER + mission_criticality: 1 +- item_type: GREEN_IER id: '32' - startStep: 1 - endStep: 256 + start_step: 1 + end_step: 256 load: 5000 protocol: TCP port: '80' source: '9' destination: '5' - missionCriticality: 1 -- itemType: ACL_RULE + mission_criticality: 1 +- item_type: ACL_RULE id: '33' permission: ALLOW source: 192.168.10.11 destination: 192.168.2.10 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '34' permission: ALLOW source: 192.168.10.11 destination: 192.168.2.14 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '35' permission: ALLOW source: 192.168.10.12 destination: 192.168.2.14 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '36' permission: ALLOW source: 192.168.10.12 destination: 192.168.2.10 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '37' permission: ALLOW source: 192.168.2.10 destination: 192.168.10.11 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '38' permission: ALLOW source: 192.168.2.10 destination: 192.168.10.12 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '39' permission: ALLOW source: 192.168.2.10 destination: 192.168.2.14 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '40' permission: ALLOW source: 192.168.2.14 destination: 192.168.2.10 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '41' permission: ALLOW source: 192.168.10.11 destination: 192.168.2.16 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '42' permission: ALLOW source: 192.168.10.12 destination: 192.168.2.16 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '43' permission: ALLOW source: 192.168.1.12 destination: 192.168.2.10 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '44' permission: ALLOW source: 192.168.1.12 destination: 192.168.2.14 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '45' permission: ALLOW source: 192.168.1.12 destination: 192.168.2.16 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '46' permission: ALLOW source: 192.168.2.10 destination: 192.168.1.12 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '47' permission: ALLOW source: 192.168.2.14 destination: 192.168.1.12 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '48' permission: ALLOW source: 192.168.2.16 destination: 192.168.1.12 protocol: ANY port: ANY -- itemType: ACL_RULE +- item_type: ACL_RULE id: '49' permission: DENY source: ANY destination: ANY protocol: ANY port: ANY -- itemType: RED_POL +- item_type: RED_POL id: '50' - startStep: 50 - endStep: 50 + start_step: 50 + end_step: 50 targetNodeId: '1' initiator: DIRECT type: SERVICE @@ -470,20 +469,20 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_IER +- item_type: RED_IER id: '51' - startStep: 75 - endStep: 105 + start_step: 75 + end_step: 105 load: 10000 protocol: UDP port: '53' source: '1' destination: '8' - missionCriticality: 0 -- itemType: RED_POL + mission_criticality: 0 +- item_type: RED_POL id: '52' - startStep: 100 - endStep: 100 + start_step: 100 + end_step: 100 targetNodeId: '8' initiator: IER type: SERVICE @@ -492,10 +491,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '53' - startStep: 105 - endStep: 105 + start_step: 105 + end_step: 105 targetNodeId: '8' initiator: SERVICE type: FILE @@ -504,10 +503,10 @@ sourceNodeId: '8' sourceNodeService: UDP sourceNodeServiceState: COMPROMISED -- itemType: RED_POL +- item_type: RED_POL id: '54' - startStep: 105 - endStep: 105 + start_step: 105 + end_step: 105 targetNodeId: '8' initiator: SERVICE type: SERVICE @@ -516,10 +515,10 @@ sourceNodeId: '8' sourceNodeService: UDP sourceNodeServiceState: COMPROMISED -- itemType: RED_POL +- item_type: RED_POL id: '55' - startStep: 125 - endStep: 125 + start_step: 125 + end_step: 125 targetNodeId: '7' initiator: SERVICE type: SERVICE diff --git a/src/primaite/environment/primaite_env.py b/src/primaite/environment/primaite_env.py index d83d269d..4dc08ac3 100644 --- a/src/primaite/environment/primaite_env.py +++ b/src/primaite/environment/primaite_env.py @@ -165,12 +165,10 @@ class Primaite(Env): # Number of ports - gets a value when config is loaded self.num_ports = 0 - # The action type - self.action_type = 0 - # Observation type, by default box. self.observation_type = ObservationType.BOX + # Open the config file and build the environment laydown with open(self._lay_down_config_path, "r") as file: # Open the config file and build the environment laydown @@ -206,7 +204,7 @@ class Primaite(Env): self.observation_space, self.env_obs = self.init_observations() # Define Action Space - depends on action space type (Node or ACL) - if self.action_type == ActionType.NODE: + if self.training_config.action_type == ActionType.NODE: _LOGGER.info("Action space type NODE selected") # Terms (for node action space): # [0, num nodes] - node ID (0 = nothing, node ID) @@ -215,7 +213,7 @@ class Primaite(Env): # [0, num services] - resolves to service ID (0 = nothing, resolves to service) # noqa self.action_dict = self.create_node_action_dict() self.action_space = spaces.Discrete(len(self.action_dict)) - elif self.action_type == ActionType.ACL: + elif self.training_config.action_type == ActionType.ACL: _LOGGER.info("Action space type ACL selected") # Terms (for ACL action space): # [0, 2] - Action (0 = do nothing, 1 = create rule, 2 = delete rule) @@ -226,12 +224,12 @@ class Primaite(Env): # [0, num ports] - Port (0 = any, then 1 -> x resolving to port) self.action_dict = self.create_acl_action_dict() self.action_space = spaces.Discrete(len(self.action_dict)) - elif self.action_type == ActionType.ANY: + elif self.training_config.action_type == ActionType.ANY: _LOGGER.info("Action space type ANY selected - Node + ACL") self.action_dict = self.create_node_and_acl_action_dict() self.action_space = spaces.Discrete(len(self.action_dict)) else: - _LOGGER.info("Invalid action type selected") + _LOGGER.info(f"Invalid action type selected") # Set up a csv to store the results of the training try: header = ["Episode", "Average Reward"] @@ -426,9 +424,12 @@ class Primaite(Env): _action: The action space from the agent """ # At the moment, actions are only affecting nodes - if self.action_type == ActionType.NODE: + print("") + print(_action) + print(self.action_dict) + if self.training_config.action_type == ActionType.NODE: self.apply_actions_to_nodes(_action) - elif self.action_type == ActionType.ACL: + elif self.training_config.action_type == ActionType.ACL: self.apply_actions_to_acl(_action) elif ( len(self.action_dict[_action]) == 6 @@ -901,34 +902,34 @@ class Primaite(Env): def load_lay_down_config(self): """Loads config data in order to build the environment configuration.""" for item in self.lay_down_config: - if item["itemType"] == "NODE": + if item["item_type"] == "NODE": # Create a node self.create_node(item) - elif item["itemType"] == "LINK": + elif item["item_type"] == "LINK": # Create a link self.create_link(item) - elif item["itemType"] == "GREEN_IER": + elif item["item_type"] == "GREEN_IER": # Create a Green IER self.create_green_ier(item) - elif item["itemType"] == "GREEN_POL": + elif item["item_type"] == "GREEN_POL": # Create a Green PoL self.create_green_pol(item) - elif item["itemType"] == "RED_IER": + elif item["item_type"] == "RED_IER": # Create a Red IER self.create_red_ier(item) - elif item["itemType"] == "RED_POL": + elif item["item_type"] == "RED_POL": # Create a Red PoL self.create_red_pol(item) - elif item["itemType"] == "ACL_RULE": + elif item["item_type"] == "ACL_RULE": # Create an ACL rule self.create_acl_rule(item) - elif item["itemType"] == "SERVICES": + elif item["item_type"] == "SERVICES": # Create the list of services self.create_services_list(item) - elif item["itemType"] == "PORTS": + elif item["item_type"] == "PORTS": # Create the list of ports self.create_ports_list(item) - elif item["itemType"] == "OBSERVATIONS": + elif item["item_type"] == "OBSERVATIONS": # Get the observation information self.get_observation_info(item) else: @@ -1071,14 +1072,14 @@ class Primaite(Env): item: A config data item """ ier_id = item["id"] - ier_start_step = item["startStep"] - ier_end_step = item["endStep"] + ier_start_step = item["start_step"] + ier_end_step = item["end_step"] ier_load = item["load"] ier_protocol = item["protocol"] ier_port = item["port"] ier_source = item["source"] ier_destination = item["destination"] - ier_mission_criticality = item["missionCriticality"] + ier_mission_criticality = item["mission_criticality"] # Create IER and add to green IER dictionary self.green_iers[ier_id] = IER( @@ -1101,14 +1102,14 @@ class Primaite(Env): item: A config data item """ ier_id = item["id"] - ier_start_step = item["startStep"] - ier_end_step = item["endStep"] + ier_start_step = item["start_step"] + ier_end_step = item["end_step"] ier_load = item["load"] ier_protocol = item["protocol"] ier_port = item["port"] ier_source = item["source"] ier_destination = item["destination"] - ier_mission_criticality = item["missionCriticality"] + ier_mission_criticality = item["mission_criticality"] # Create IER and add to red IER dictionary self.red_iers[ier_id] = IER( @@ -1131,8 +1132,8 @@ class Primaite(Env): item: A config data item """ pol_id = item["id"] - pol_start_step = item["startStep"] - pol_end_step = item["endStep"] + pol_start_step = item["start_step"] + pol_end_step = item["end_step"] pol_node = item["nodeId"] pol_type = NodePOLType[item["type"]] @@ -1165,8 +1166,8 @@ class Primaite(Env): item: A config data item """ pol_id = item["id"] - pol_start_step = item["startStep"] - pol_end_step = item["endStep"] + pol_start_step = item["start_step"] + pol_end_step = item["end_step"] pol_target_node_id = item["targetNodeId"] pol_initiator = NodePOLInitiator[item["initiator"]] pol_type = NodePOLType[item["type"]] @@ -1226,7 +1227,7 @@ class Primaite(Env): Args: item: A config data item representing the services """ - service_list = services["serviceList"] + service_list = services["service_list"] for service in service_list: service_name = service["name"] @@ -1242,7 +1243,7 @@ class Primaite(Env): Args: item: A config data item representing the ports """ - ports_list = ports["portsList"] + ports_list = ports["ports_list"] for port in ports_list: port_value = port["port"] @@ -1267,10 +1268,10 @@ class Primaite(Env): configuration. """ for item in self.lay_down_config: - if item["itemType"] == "NODE": + if item["item_type"] == "NODE": # Reset a node's state (normal and reference) self.reset_node(item) - elif item["itemType"] == "ACL_RULE": + elif item["item_type"] == "ACL_RULE": # Create an ACL rule (these are cleared on reset, so just need to recreate them) self.create_acl_rule(item) else: diff --git a/tests/config/box_obs_space_laydown_config.yaml b/tests/config/box_obs_space_laydown_config.yaml index 203bc0e7..26e353fa 100644 --- a/tests/config/box_obs_space_laydown_config.yaml +++ b/tests/config/box_obs_space_laydown_config.yaml @@ -1,19 +1,19 @@ -- itemType: ACTIONS +- item_type: ACTIONS type: NODE -- itemType: OBSERVATIONS +- item_type: OBSERVATIONS type: BOX -- itemType: STEPS +- item_type: STEPS steps: 5 -- itemType: PORTS - portsList: +- item_type: PORTS + ports_list: - port: '80' -- itemType: SERVICES - serviceList: +- item_type: SERVICES + service_list: - name: TCP ######################################## # Nodes -- itemType: NODE +- item_type: NODE node_id: '1' name: PC1 node_class: SERVICE @@ -27,7 +27,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '2' name: SERVER node_class: SERVICE @@ -41,7 +41,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '3' name: SWITCH1 node_class: ACTIVE @@ -54,13 +54,13 @@ ######################################## # Links -- itemType: LINK +- item_type: LINK id: '4' name: link1 bandwidth: 1000 source: '1' destination: '3' -- itemType: LINK +- item_type: LINK id: '5' name: link2 bandwidth: 1000 diff --git a/tests/config/multidiscrete_obs_space_laydown_config.yaml b/tests/config/multidiscrete_obs_space_laydown_config.yaml index 38438d6d..d7b3703c 100644 --- a/tests/config/multidiscrete_obs_space_laydown_config.yaml +++ b/tests/config/multidiscrete_obs_space_laydown_config.yaml @@ -1,19 +1,19 @@ -- itemType: ACTIONS +- item_type: ACTIONS type: NODE -- itemType: OBSERVATIONS +- item_type: OBSERVATIONS type: MULTIDISCRETE -- itemType: STEPS +- item_type: STEPS steps: 5 -- itemType: PORTS - portsList: +- item_type: PORTS + ports_list: - port: '80' -- itemType: SERVICES - serviceList: +- item_type: SERVICES + service_list: - name: TCP ######################################## # Nodes -- itemType: NODE +- item_type: NODE node_id: '1' name: PC1 node_class: SERVICE @@ -27,7 +27,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '2' name: SERVER node_class: SERVICE @@ -41,7 +41,7 @@ - name: TCP port: '80' state: GOOD -- itemType: NODE +- item_type: NODE node_id: '3' name: SWITCH1 node_class: ACTIVE @@ -54,13 +54,13 @@ ######################################## # Links -- itemType: LINK +- item_type: LINK id: '4' name: link1 bandwidth: 1000 source: '1' destination: '3' -- itemType: LINK +- item_type: LINK id: '5' name: link2 bandwidth: 1000 diff --git a/tests/config/one_node_states_on_off_lay_down_config.yaml b/tests/config/one_node_states_on_off_lay_down_config.yaml index 70458275..996cf368 100644 --- a/tests/config/one_node_states_on_off_lay_down_config.yaml +++ b/tests/config/one_node_states_on_off_lay_down_config.yaml @@ -1,10 +1,10 @@ -- itemType: PORTS - portsList: +- item_type: PORTS + ports_list: - port: '21' -- itemType: SERVICES - serviceList: +- item_type: SERVICES + service_list: - name: ftp -- itemType: NODE +- item_type: NODE node_id: '1' name: node node_class: SERVICE @@ -18,15 +18,15 @@ - name: ftp port: '21' state: GOOD -- itemType: POSITION +- item_type: POSITION positions: - node: '1' x_pos: 309 y_pos: 78 -- itemType: RED_POL +- item_type: RED_POL id: '1' - startStep: 1 - endStep: 3 + start_step: 1 + end_step: 3 targetNodeId: '1' initiator: DIRECT type: FILE @@ -35,10 +35,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '2' - startStep: 3 - endStep: 15 + start_step: 3 + end_step: 15 targetNodeId: '1' initiator: DIRECT type: FILE @@ -47,10 +47,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '3' - startStep: 4 - endStep: 6 + start_step: 4 + end_step: 6 targetNodeId: '1' initiator: DIRECT type: OPERATING @@ -59,10 +59,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '4' - startStep: 6 - endStep: 15 + start_step: 6 + end_step: 15 targetNodeId: '1' initiator: DIRECT type: OPERATING @@ -71,10 +71,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '5' - startStep: 7 - endStep: 9 + start_step: 7 + end_step: 9 targetNodeId: '1' initiator: DIRECT type: SERVICE @@ -83,10 +83,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '6' - startStep: 9 - endStep: 15 + start_step: 9 + end_step: 15 targetNodeId: '1' initiator: DIRECT type: SERVICE @@ -95,10 +95,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '7' - startStep: 10 - endStep: 12 + start_step: 10 + end_step: 12 targetNodeId: '1' initiator: DIRECT type: OS @@ -107,10 +107,10 @@ sourceNodeId: NA sourceNodeService: NA sourceNodeServiceState: NA -- itemType: RED_POL +- item_type: RED_POL id: '8' - startStep: 12 - endStep: 15 + start_step: 12 + end_step: 15 targetNodeId: '1' initiator: DIRECT type: OS diff --git a/tests/config/single_action_space_fixed_blue_actions_main_config.yaml b/tests/config/single_action_space_fixed_blue_actions_main_config.yaml index 7fcc002f..5c5db582 100644 --- a/tests/config/single_action_space_fixed_blue_actions_main_config.yaml +++ b/tests/config/single_action_space_fixed_blue_actions_main_config.yaml @@ -5,85 +5,90 @@ # "STABLE_BASELINES3_PPO" # "STABLE_BASELINES3_A2C" # "GENERIC" -agentIdentifier: GENERIC +agent_identifier: GENERIC +# Sets How the Action Space is defined: +# "NODE" +# "ACL" +# "ANY" node and acl actions +action_type: ANY # Number of episodes to run per session -numEpisodes: 1 +num_episodes: 1 +# Number of time_steps per episode +num_steps: 15 # Time delay between steps (for generic agents) -timeDelay: 1 -# Filename of the scenario / laydown -configFilename: single_action_space_lay_down_config.yaml +time_delay: 1 # Type of session to be run (TRAINING or EVALUATION) -sessionType: TRAINING +session_type: TRAINING # Determine whether to load an agent from file -loadAgent: False +load_agent: False # File path and file name of agent if you're loading one in -agentLoadFile: C:\[Path]\[agent_saved_filename.zip] +agent_load_file: C:\[Path]\[agent_saved_filename.zip] # Environment config values # The high value for the observation space -observationSpaceHighValue: 1000000000 +observation_space_high_value: 1000000000 # Reward values # Generic -allOk: 0 +all_ok: 0 # Node Operating State -offShouldBeOn: -10 -offShouldBeResetting: -5 -onShouldBeOff: -2 -onShouldBeResetting: -5 -resettingShouldBeOn: -5 -resettingShouldBeOff: -2 +off_should_be_on: -10 +off_should_be_resetting: -5 +on_should_be_off: -2 +on_should_be_resetting: -5 +resetting_should_be_on: -5 +resetting_should_be_off: -2 resetting: -3 # Node O/S or Service State -goodShouldBePatching: 2 -goodShouldBeCompromised: 5 -goodShouldBeOverwhelmed: 5 -patchingShouldBeGood: -5 -patchingShouldBeCompromised: 2 -patchingShouldBeOverwhelmed: 2 +good_should_be_patching: 2 +good_should_be_compromised: 5 +good_should_be_overwhelmed: 5 +patching_should_be_good: -5 +patching_should_be_compromised: 2 +patching_should_be_overwhelmed: 2 patching: -3 -compromisedShouldBeGood: -20 -compromisedShouldBePatching: -20 -compromisedShouldBeOverwhelmed: -20 +compromised_should_be_good: -20 +compromised_should_be_patching: -20 +compromised_should_be_overwhelmed: -20 compromised: -20 -overwhelmedShouldBeGood: -20 -overwhelmedShouldBePatching: -20 -overwhelmedShouldBeCompromised: -20 +overwhelmed_should_be_good: -20 +overwhelmed_should_be_patching: -20 +overwhelmed_should_be_compromised: -20 overwhelmed: -20 # Node File System State -goodShouldBeRepairing: 2 -goodShouldBeRestoring: 2 -goodShouldBeCorrupt: 5 -goodShouldBeDestroyed: 10 -repairingShouldBeGood: -5 -repairingShouldBeRestoring: 2 -repairingShouldBeCorrupt: 2 -repairingShouldBeDestroyed: 0 +good_should_be_repairing: 2 +good_should_be_restoring: 2 +good_should_be_corrupt: 5 +good_should_be_destroyed: 10 +repairing_should_be_good: -5 +repairing_should_be_restoring: 2 +repairing_should_be_corrupt: 2 +repairing_should_be_destroyed: 0 repairing: -3 -restoringShouldBeGood: -10 -restoringShouldBeRepairing: -2 -restoringShouldBeCorrupt: 1 -restoringShouldBeDestroyed: 2 +restoring_should_be_good: -10 +restoring_should_be_repairing: -2 +restoring_should_be_corrupt: 1 +restoring_should_be_destroyed: 2 restoring: -6 -corruptShouldBeGood: -10 -corruptShouldBeRepairing: -10 -corruptShouldBeRestoring: -10 -corruptShouldBeDestroyed: 2 +corrupt_should_be_good: -10 +corrupt_should_be_repairing: -10 +corrupt_should_be_restoring: -10 +corrupt_should_be_destroyed: 2 corrupt: -10 -destroyedShouldBeGood: -20 -destroyedShouldBeRepairing: -20 -destroyedShouldBeRestoring: -20 -destroyedShouldBeCorrupt: -20 +destroyed_should_be_good: -20 +destroyed_should_be_repairing: -20 +destroyed_should_be_restoring: -20 +destroyed_should_be_corrupt: -20 destroyed: -20 scanning: -2 # IER status -redIerRunning: -5 -greenIerBlocked: -10 +red_ier_running: -5 +green_ier_blocked: -10 # Patching / Reset durations -osPatchingDuration: 5 # The time taken to patch the OS -nodeResetDuration: 5 # The time taken to reset a node (hardware) -servicePatchingDuration: 5 # The time taken to patch a service -fileSystemRepairingLimit: 5 # The time take to repair the file system -fileSystemRestoringLimit: 5 # The time take to restore the file system -fileSystemScanningLimit: 5 # The time taken to scan the file system +os_patching_duration: 5 # The time taken to patch the OS +node_reset_duration: 5 # The time taken to reset a node (hardware) +service_patching_duration: 5 # The time taken to patch a service +file_system_repairing_limit: 5 # The time take to repair the file system +file_system_restoring_limit: 5 # The time take to restore the file system +file_system_scanning_limit: 5 # The time taken to scan the file system diff --git a/tests/config/single_action_space_lay_down_config.yaml b/tests/config/single_action_space_lay_down_config.yaml index ab3b170e..c80c0bab 100644 --- a/tests/config/single_action_space_lay_down_config.yaml +++ b/tests/config/single_action_space_lay_down_config.yaml @@ -1,14 +1,10 @@ -- itemType: ACTIONS - type: ANY -- itemType: STEPS - steps: 15 -- itemType: PORTS - portsList: +- item_type: PORTS + ports_list: - port: '21' -- itemType: SERVICES - serviceList: +- item_type: SERVICES + service_list: - name: ftp -- itemType: NODE +- item_type: NODE node_id: '1' name: node node_class: SERVICE @@ -22,7 +18,7 @@ - name: ftp port: '21' state: COMPROMISED -- itemType: NODE +- item_type: NODE node_id: '2' name: server_1 node_class: SERVICE @@ -36,7 +32,7 @@ - name: ftp port: '21' state: COMPROMISED -- itemType: POSITION +- item_type: POSITION positions: - node: '1' x_pos: 309 @@ -44,12 +40,13 @@ - node: '2' x_pos: 200 y_pos: 78 -- itemType: RED_IER +- item_type: RED_IER id: '3' - startStep: 2 - endStep: 15 + start_step: 2 + end_step: 15 load: 1000 protocol: ftp port: CORRUPT source: '1' destination: '2' + mission_criticality: 0 diff --git a/tests/config/single_action_space_main_config.yaml b/tests/config/single_action_space_main_config.yaml index 7fcc002f..42916390 100644 --- a/tests/config/single_action_space_main_config.yaml +++ b/tests/config/single_action_space_main_config.yaml @@ -5,85 +5,90 @@ # "STABLE_BASELINES3_PPO" # "STABLE_BASELINES3_A2C" # "GENERIC" -agentIdentifier: GENERIC +agent_identifier: GENERIC +# Sets How the Action Space is defined: +# "NODE" +# "ACL" +# "ANY" node and acl actions +action_type: ANY # Number of episodes to run per session -numEpisodes: 1 +num_episodes: 1 +# Number of time_steps per episode +num_steps: 15 # Time delay between steps (for generic agents) -timeDelay: 1 -# Filename of the scenario / laydown -configFilename: single_action_space_lay_down_config.yaml +time_delay: 1 # Type of session to be run (TRAINING or EVALUATION) -sessionType: TRAINING +session_type: TRAINING # Determine whether to load an agent from file -loadAgent: False +load_agent: False # File path and file name of agent if you're loading one in -agentLoadFile: C:\[Path]\[agent_saved_filename.zip] +agent_load_file: C:\[Path]\[agent_saved_filename.zip] # Environment config values # The high value for the observation space -observationSpaceHighValue: 1000000000 +observation_space_high_value: 1000000000 # Reward values # Generic -allOk: 0 +all_ok: 0 # Node Operating State -offShouldBeOn: -10 -offShouldBeResetting: -5 -onShouldBeOff: -2 -onShouldBeResetting: -5 -resettingShouldBeOn: -5 -resettingShouldBeOff: -2 +off_should_be_on: -10 +off_should_be_resetting: -5 +on_should_be_off: -2 +on_should_be_resetting: -5 +resetting_should_be_on: -5 +resetting_should_be_off: -2 resetting: -3 # Node O/S or Service State -goodShouldBePatching: 2 -goodShouldBeCompromised: 5 -goodShouldBeOverwhelmed: 5 -patchingShouldBeGood: -5 -patchingShouldBeCompromised: 2 -patchingShouldBeOverwhelmed: 2 +good_should_be_patching: 2 +good_should_be_compromised: 5 +good_should_be_overwhelmed: 5 +patching_should_be_good: -5 +patching_should_be_compromised: 2 +patching_should_be_overwhelmed: 2 patching: -3 -compromisedShouldBeGood: -20 -compromisedShouldBePatching: -20 -compromisedShouldBeOverwhelmed: -20 +compromised_should_be_good: -20 +compromised_should_be_patching: -20 +compromised_should_be_overwhelmed: -20 compromised: -20 -overwhelmedShouldBeGood: -20 -overwhelmedShouldBePatching: -20 -overwhelmedShouldBeCompromised: -20 +overwhelmed_should_be_good: -20 +overwhelmed_should_be_patching: -20 +overwhelmed_should_be_compromised: -20 overwhelmed: -20 # Node File System State -goodShouldBeRepairing: 2 -goodShouldBeRestoring: 2 -goodShouldBeCorrupt: 5 -goodShouldBeDestroyed: 10 -repairingShouldBeGood: -5 -repairingShouldBeRestoring: 2 -repairingShouldBeCorrupt: 2 -repairingShouldBeDestroyed: 0 +good_should_be_repairing: 2 +good_should_be_restoring: 2 +good_should_be_corrupt: 5 +good_should_be_destroyed: 10 +repairing_should_be_good: -5 +repairing_should_be_restoring: 2 +repairing_should_be_corrupt: 2 +repairing_should_be_destroyed: 0 repairing: -3 -restoringShouldBeGood: -10 -restoringShouldBeRepairing: -2 -restoringShouldBeCorrupt: 1 -restoringShouldBeDestroyed: 2 +restoring_should_be_good: -10 +restoring_should_be_repairing: -2 +restoring_should_be_corrupt: 1 +restoring_should_be_destroyed: 2 restoring: -6 -corruptShouldBeGood: -10 -corruptShouldBeRepairing: -10 -corruptShouldBeRestoring: -10 -corruptShouldBeDestroyed: 2 +corrupt_should_be_good: -10 +corrupt_should_be_repairing: -10 +corrupt_should_be_restoring: -10 +corrupt_should_be_destroyed: 2 corrupt: -10 -destroyedShouldBeGood: -20 -destroyedShouldBeRepairing: -20 -destroyedShouldBeRestoring: -20 -destroyedShouldBeCorrupt: -20 +destroyed_should_be_good: -20 +destroyed_should_be_repairing: -20 +destroyed_should_be_restoring: -20 +destroyed_should_be_corrupt: -20 destroyed: -20 scanning: -2 # IER status -redIerRunning: -5 -greenIerBlocked: -10 +red_ier_running: -5 +green_ier_blocked: -10 # Patching / Reset durations -osPatchingDuration: 5 # The time taken to patch the OS -nodeResetDuration: 5 # The time taken to reset a node (hardware) -servicePatchingDuration: 5 # The time taken to patch a service -fileSystemRepairingLimit: 5 # The time take to repair the file system -fileSystemRestoringLimit: 5 # The time take to restore the file system -fileSystemScanningLimit: 5 # The time taken to scan the file system +os_patching_duration: 5 # The time taken to patch the OS +node_reset_duration: 5 # The time taken to reset a node (hardware) +service_patching_duration: 5 # The time taken to patch a service +file_system_repairing_limit: 5 # The time take to repair the file system +file_system_restoring_limit: 5 # The time take to restore the file system +file_system_scanning_limit: 5 # The time taken to scan the file system diff --git a/tests/test_single_action_space.py b/tests/test_single_action_space.py index 75d57f5d..16b9d03e 100644 --- a/tests/test_single_action_space.py +++ b/tests/test_single_action_space.py @@ -1,16 +1,18 @@ import time from primaite.common.enums import HardwareState +from primaite.environment.primaite_env import Primaite from tests import TEST_CONFIG_ROOT from tests.conftest import _get_primaite_env_from_config -def run_generic_set_actions(env, config_values): +def run_generic_set_actions(env: Primaite): """Run against a generic agent with specified blue agent actions.""" # Reset the environment at the start of the episode # env.reset() - for episode in range(0, config_values.num_episodes): - for step in range(0, config_values.num_steps): + training_config = env.training_config + for episode in range(0, training_config.num_episodes): + for step in range(0, training_config.num_steps): # Send the observation space to the agent to get an action # TEMP - random action for now # action = env.blue_agent_action(obs) @@ -34,7 +36,7 @@ def run_generic_set_actions(env, config_values): break # Introduce a delay between steps - time.sleep(config_values.time_delay / 1000) + time.sleep(training_config.time_delay / 1000) # Reset the environment at the end of the episode # env.reset() @@ -44,13 +46,12 @@ def run_generic_set_actions(env, config_values): def test_single_action_space_is_valid(): """Test to ensure the blue agent is using the ACL action space and is carrying out both kinds of operations.""" - env, config_values = _get_primaite_env_from_config( - main_config_path=TEST_CONFIG_ROOT / "single_action_space_main_config.yaml", - lay_down_config_path=TEST_CONFIG_ROOT - / "single_action_space_lay_down_config.yaml", + env = _get_primaite_env_from_config( + training_config_path=TEST_CONFIG_ROOT / "single_action_space_main_config.yaml", + lay_down_config_path=TEST_CONFIG_ROOT / "single_action_space_lay_down_config.yaml", ) - run_generic_set_actions(env, config_values) + run_generic_set_actions(env) # Retrieve the action space dictionary values from environment env_action_space_dict = env.action_dict.values() @@ -75,14 +76,12 @@ def test_single_action_space_is_valid(): def test_agent_is_executing_actions_from_both_spaces(): """Test to ensure the blue agent is carrying out both kinds of operations (NODE & ACL).""" - env, config_values = _get_primaite_env_from_config( - main_config_path=TEST_CONFIG_ROOT - / "single_action_space_fixed_blue_actions_main_config.yaml", - lay_down_config_path=TEST_CONFIG_ROOT - / "single_action_space_lay_down_config.yaml", + env = _get_primaite_env_from_config( + training_config_path=TEST_CONFIG_ROOT / "single_action_space_fixed_blue_actions_main_config.yaml", + lay_down_config_path=TEST_CONFIG_ROOT / "single_action_space_lay_down_config.yaml", ) # Run environment with specified fixed blue agent actions only - run_generic_set_actions(env, config_values) + run_generic_set_actions(env) # Retrieve hardware state of computer_1 node in laydown config # Agent turned this off in Step 5 computer_node_hardware_state = env.nodes["1"].hardware_state