521580ea12
## Summary * Ports are no longer enums, they are now plain integers * Ports are no longer validated against a list of pre-defined ports, any integer from 0-65535 can be used now. * Port enum was replaced with a convenience port lookup. For example any expression in the form `Port.HTTP` was replaced with `PORT_LOOKUP["HTTP"]` which resolves to the integer 80. * Some tests were adjusted to use the new syntax for ports * Backwards compatibility for YAML configs has been retained by adding pydantic validators to automatically convert named ports to integer counterparts, however defining action/observation spaces in code now requires users to specify ports as integers instead of port enum objects. For instance, monitored_ports in the ACL observation space will now look like this: `[53, 80]` instead of `[Port.DNS, Port.HTTP]` * Plugins can extend the port lookup, however it is not necessary because it's possible to use integer literals. * Airspace has been treated similarly, except airspace frequencies have multiple attributes, namely max_data_rate_bps. Therefore, the lookup for named Frequencies resolves to a dictionary of freq_hz (float), and max_data_rate_bps (float) * Airspace logic has been adjusted accordingly to use the new dictionary for tracking bandwidth limits * A new method for registering new airspace frequencies has been added. Plugins that add new frequencies can call `register_default_frequency`, after which any new airspace will have access to that frequency. * For consistency, `IPProtocol` was also changed to be a lookup instead of an enum. It is not extendable by plugins as so far we have not needed to model additional protocols in our plugin. These changes were necessary as it's not possible to extend enums in python, therefore plugins would not have been able to add new ports. There is an added benefit that this is a stepping stone towards support communication on dynamic and ephemeral ports. ## Test process *How have you tested this (if applicable)?* ## Checklist - [X] PR is linked to a **work item** - [X] **acceptance criteria** of linked ticket are met - [X] performed **self-review** of the code - [ ] written **tests** for any new functionality added with this PR - [ ] updated the **documentation** if this PR changes or adds functionality - [ ] written/updated **design docs** if this PR implements new functionality - [ ] updated the **change log** - [X] ran **pre-commit** checks for code style - [X] attended to any **TO-DOs** left in the code
PrimAITE
The ARCD Primary-level AI Training Environment (PrimAITE) provides an effective simulation capability for the purposes of training and evaluating AI in a cyber-defensive role. It incorporates the functionality required of a primary-level ARCD environment, which includes:
-
The ability to model a relevant platform / system context;
-
The ability to model key characteristics of a platform / system by representing connections, IP addresses, ports, traffic loading, operating systems and services;
-
Operates at machine-speed to enable fast training cycles.
PrimAITE presents the following features:
-
Highly configurable (via YAML files) to provide the means to model a variety of platform / system laydowns and adversarial attack scenarios;
-
A Reinforcement Learning (RL) reward function based on (a) the ability to counter the specific modelled adversarial cyber-attack, and (b) the ability to ensure success;
-
Provision of logging to support AI evaluation and metrics gathering;
-
Realistic network traffic simulation, including address and sending packets via internet protocols like TCP, UDP, ICMP, and others
-
Routers with traffic routing and firewall capabilities
-
Support for multiple agents, each having their own customisable observation space, action space, and reward function definition, and either deterministic or RL-directed behaviour
Getting Started with PrimAITE
💫 Installation
PrimAITE is designed to be OS-agnostic, and thus should work on most variations/distros of Linux, Windows, and MacOS. Currently, the PrimAITE wheel can only be installed from GitHub. This may change in the future with release to PyPi.
Windows (PowerShell)
Prerequisites:
- Manual install of Python >= 3.9 < 3.12
Install:
mkdir ~\primaite
cd ~\primaite
python3 -m venv .venv
attrib +h .venv /s /d # Hides the .venv directory
.\.venv\Scripts\activate
pip install primaite-{VERSION}-py3-none-any.whl[rl]
primaite setup
Unix
Prerequisites:
- Manual install of Python >= 3.8 < 3.12
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt install python3.10
sudo apt-get install python3-pip
sudo apt-get install python3-venv
Install:
mkdir ~/primaite
cd ~/primaite
python3 -m venv .venv
source .venv/bin/activate
pip install primaite-{VERSION}-py3-none-any.whl[rl]
primaite setup
Developer Install from Source
To make your own changes to PrimAITE, perform the install from source (developer install)
1. Clone the PrimAITE repository
git clone git@github.com:{todo:fill in URL}/PrimAITE.git
2. CD into the repo directory
cd PrimAITE
3. Create a new python virtual environment (venv)
python3 -m venv venv
4. Activate the venv
Unix
source venv/bin/activate
Windows (Powershell)
.\venv\Scripts\activate
5. Install primaite with the dev extra into the venv along with all of it's dependencies
python3 -m pip install -e .[dev,rl]
6. Perform the PrimAITE setup:
primaite setup
Note
It is possible to install PrimAITE without Ray RLLib, StableBaselines3, or any deep learning libraries by omitting the rl flag in the pip install command.
Running PrimAITE
Use the provided jupyter notebooks as a starting point to try running PrimAITE. They are automatically copied to your PrimAITE notebook folder when you run primaite setup.
1. Activate the virtual environment
Windows (Powershell)
.\venv\Scripts\activate
Unix
source venv/bin/activate
2. Open jupyter notebook
python -m jupyter notebook
Then, click the URL provided by the jupyter command to open the jupyter application in your browser. You can also open notebooks in your IDE if supported.
📚 Documentation
Pre requisites
Building the documentation requires the installation of Pandoc
Unix
sudo apt-get install pandoc
Other operating systems
Follow the steps in https://pandoc.org/installing.html
Building the documentation
The PrimAITE documentation can be built with the following commands:
Unix
cd docs
make html
Windows (Powershell)
cd docs
.\make.bat html
Example notebooks
Check out the example notebooks to learn more about how PrimAITE works and how you can use it to train agents. They are automatically copied to your primaite installation directory when you run primaite setup.