693c9489e1
## Summary
### ACL List
First change was I changed `access_control_list.py` from a `dict` to a `list` so it is now an ordered structure. This was done so I could implement the positions inside the `ACL` and `ANY` action spaces.
From this, some functions have changed such as `add_rule` and `remove_rule`, `is_blocked` and `get_relevant_rules`.
The ACL list is now a fixed size and on initialisation it is filled with `None` types. When a function calls `self.acl` the `implicit rule` (if there is one) is added after the last `ACLRule` object in the list. The remainder of the list (if there is left over space) is padded out with `None`.
As the agent adds rules, the `None` are replaced by `ACLRule` objects and the agent cannot overwrite an existing `ACLRule` with another, it can only write over `None` types.
### ACL Training Config Changes
Changes have been made to the `training_config_main.yaml`. There are 2 new items:
`implicit_acl_rule:` - Implicit ACL firewall rule at end of list to be default action (ALLOW or DENY)
`max_number_acl_rules:` - Total number of ACL rules allowed in the environment
In the `OBSERVATION_SPACE` area of the config, `ACCESS_CONTROL_LIST` can be selected
They have default values if none are specified so for the older configs - these values are in the `TrainingConfig` dataclass.
### ACL and ANY Action Spaces
I changed the ACL space from length of 6 to 7. I have included the `position` of where the agent wants to position the ACL Rule.
`position` = index in `self.acl` with bounds [0 to ...]
As a result, total possible actions have gone up.
### ACL Observation Space
In the observations.py I have made a new observation component: Access Control List.
It has the following mappings/meanings:
[0, 1, 2] - Permission (0 = NA, 1 = DENY, 2 = ALLOW)
[0, num nodes] - Source IP (0 = NA, 1 = any, then 2 -> x resolving to Node IDs)
[0, num nodes] - Dest IP (0 = NA, 1 = any, then 2 -> x resolving to Node IDs)
[0, num services] - Protocol (0 = NA, 1 = any, then 2 -> x resolving to protocol)
[0, num ports] - Port (0 = NA, 1 = any, then 2 -> x resolving to port)
[0, max acl rules - 1] - Position (0 = NA, 1 = first index, then 2 -> x index resolving to acl rule in acl list)
I created a new 0 meaning, which means NA and represents the None objects in the ACLList.
Also, there is no 'flatten' in the observation space components and this has been done in the observations.py now if there are multiple components.
## Test process
I have written tests in a new `TestAccessControlList` object in `test_observations.py`.
I ran a single test which was 1000 episodes, SB3/PPO, Config 5 and ACL Observation Space. I seemed to get some interesting results which may need investigating on Monday.
## Checklist
- ...
PrimAITE
Getting Started with PrimAITE
Pre-Requisites
In order to get PrimAITE installed, you will need to have the following installed:
python3.8+python3-pipvirtualenv
PrimAITE is designed to be OS-agnostic, and thus should work on most variations/distros of Linux, Windows, and MacOS.
Installation from source
1. Navigate to the PrimAITE folder and create a new python virtual environment (venv)
python3 -m venv <name_of_venv>
2. Activate the venv
Unix
source <name_of_venv>/bin/activate
Windows
.\<name_of_venv>\Scripts\activate
3. Install primaite into the venv along with all of it's dependencies
python3 -m pip install -e .
Development Installation
To install the development dependencies, postfix the command in step 3 above with the [dev] extra. Example:
python3 -m pip install -e .[dev]
Building documentation
The PrimAITE documentation can be built with the following commands:
Unix
cd docs
make html
Windows
cd docs
.\make.bat html
This will build the documentation as a collection of HTML files which uses the Read The Docs sphinx theme. Other build options are available but may require additional dependencies such as LaTeX and PDF. Please refer to the Sphinx documentation for your specific output requirements.