oxbrbtx/PrimAITE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a71ded8ecf05aa9e0a2d6284d569a82ac1f1c144
PrimAITE/tests/assets/configs/data_manipulation.yaml
Archer Bowen a71ded8ecf #3110 UC2 Notebook changes: 
- YAML obs nest dict updated
- `friendly_output_red_action` updated
- `NMNE` section moved into the same timestep that the attack takes place.
- General OBS print is neater and less bloated
- ACL's code snippets assumed that ACL's indexed at 1 (as they did previously). However, this is no longer the case. (Updated config to reflect this)
- Remove un-necessary env.reset(). (We already reset at the start of the notebook - users can just run-run the notebook)
2025-03-11 12:58:59 +00:00

831 lines
23 KiB
YAML
Raw Blame History

metadata:
version: 3.0
io_settings:
save_agent_actions: true
save_step_metadata: false
save_pcap_logs: false
save_sys_logs: false
sys_log_level: WARNING
game:
max_episode_length: 128
ports:
- HTTP
- POSTGRES_SERVER
protocols:
- ICMP
- TCP
- UDP
thresholds:
nmne:
high: 10
medium: 5
low: 0
agents:
- ref: client_2_green_user
team: GREEN
type: probabilistic-agent
agent_settings:
action_probabilities:
0: 0.3
1: 0.6
2: 0.1
action_space:
action_map:
0:
action: do-nothing
options: {}
1:
action: node-application-execute
options:
node_name: client_2
application_name: web-browser
2:
action: node-application-execute
options:
node_name: client_2
application_name: database-client
reward_function:
reward_components:
- type: webpage-unavailable-penalty
weight: 0.25
options:
node_hostname: client_2
- type: green-admin-database-unreachable-penalty
weight: 0.05
options:
node_hostname: client_2
- ref: client_1_green_user
team: GREEN
type: probabilistic-agent
agent_settings:
action_probabilities:
0: 0.3
1: 0.6
2: 0.1
action_space:
action_map:
0:
action: do-nothing
options: {}
1:
action: node-application-execute
options:
node_name: client_1
application_name: web-browser
2:
action: node-application-execute
options:
node_name: client_1
application_name: web-browser
reward_function:
reward_components:
- type: webpage-unavailable-penalty
weight: 0.25
options:
node_hostname: client_1
- type: green-admin-database-unreachable-penalty
weight: 0.05
options:
node_hostname: client_1
- ref: data_manipulation_attacker
team: RED
type: red-database-corrupting-agent
agent_settings: # options specific to this particular agent type, basically args of __init__(self)
possible_start_nodes: [client_1, client_2]
target_application: data-manipulation-bot
start_step: 25
frequency: 20
variance: 5
- ref: defender
team: BLUE
type: proxy-agent
observation_space:
type: custom
options:
components:
- type: nodes
label: NODES
options:
hosts:
- hostname: domain_controller
- hostname: web_server
services:
- service_name: web-server
- hostname: database_server
folders:
- folder_name: database
files:
- file_name: database.db
- hostname: backup_server
- hostname: security_suite
- hostname: client_1
- hostname: client_2
num_services: 1
num_applications: 0
num_folders: 1
num_files: 1
num_nics: 2
include_num_access: false
include_nmne: true
monitored_traffic:
icmp:
- NONE
tcp:
- DNS
routers:
- hostname: router_1
num_ports: 0
ip_list:
- 192.168.1.10
- 192.168.1.12
- 192.168.1.14
- 192.168.1.16
- 192.168.1.110
- 192.168.10.21
- 192.168.10.22
- 192.168.10.110
wildcard_list:
- 0.0.0.1
port_list:
- HTTP
- POSTGRES_SERVER
protocol_list:
- ICMP
- TCP
- UDP
num_rules: 10
- type: links
label: LINKS
options:
link_references:
- router_1:eth-1<->switch_1:eth-8
- router_1:eth-2<->switch_2:eth-8
- switch_1:eth-1<->domain_controller:eth-1
- switch_1:eth-2<->web_server:eth-1
- switch_1:eth-3<->database_server:eth-1
- switch_1:eth-4<->backup_server:eth-1
- switch_1:eth-7<->security_suite:eth-1
- switch_2:eth-1<->client_1:eth-1
- switch_2:eth-2<->client_2:eth-1
- switch_2:eth-7<->security_suite:eth-2
- type: "none"
label: ICS
options: {}
action_space:
action_map:
0:
action: do-nothing
options: {}
# scan webapp service
1:
action: node-service-scan
options:
node_name: web_server
service_name: web-server
# stop webapp service
2:
action: node-service-stop
options:
node_name: web_server
service_name: web-server
# start webapp service
3:
action: "node-service-start"
options:
node_name: web_server
service_name: web-server
4:
action: "node-service-pause"
options:
node_name: web_server
service_name: web-server
5:
action: "node-service-resume"
options:
node_name: web_server
service_name: web-server
6:
action: "node-service-restart"
options:
node_name: web_server
service_name: web-server
7:
action: "node-service-disable"
options:
node_name: web_server
service_name: web-server
8:
action: "node-service-enable"
options:
node_name: web_server
service_name: web-server
9: # check database.db file
action: "node-file-scan"
options:
node_name: database_server
folder_name: database
file_name: database.db
10:
action: "node-file-scan" # CHECKHASH replaced by SCAN - but the behaviour is the same in this context.
options:
node_name: database_server
folder_name: database
file_name: database.db
11:
action: "node-file-delete"
options:
node_name: database_server
folder_name: database
file_name: database.db
12:
action: "node-file-repair"
options:
node_name: database_server
folder_name: database
file_name: database.db
13:
action: "node-service-fix"
options:
node_name: database_server
service_name: database-service
14:
action: "node-folder-scan"
options:
node_name: database_server
folder_name: database
15:
action: "node-folder-scan" # CHECKHASH replaced by SCAN - but the behaviour is the same in this context.
options:
node_name: database_server
folder_name: database
16:
action: "node-folder-repair"
options:
node_name: database_server
folder_name: database
17:
action: "node-folder-restore"
options:
node_name: database_server
folder_name: database
18:
action: "node-os-scan"
options:
node_name: domain_controller
19:
action: "node-shutdown"
options:
node_name: domain_controller
20:
action: node-startup
options:
node_name: domain_controller
21:
action: node-reset
options:
node_name: domain_controller
22:
action: "node-os-scan"
options:
node_name: web_server
23:
action: "node-shutdown"
options:
node_name: web_server
24:
action: node-startup
options:
node_name: web_server
25:
action: node-reset
options:
node_name: web_server
26: # old action num: 18
action: "node-os-scan"
options:
node_name: database_server
27:
action: "node-shutdown"
options:
node_name: database_server
28:
action: node-startup
options:
node_name: database_server
29:
action: node-reset
options:
node_name: database_server
30:
action: "node-os-scan"
options:
node_name: backup_server
31:
action: "node-shutdown"
options:
node_name: backup_server
32:
action: node-startup
options:
node_name: backup_server
33:
action: node-reset
options:
node_name: backup_server
34:
action: "node-os-scan"
options:
node_name: security_suite
35:
action: "node-shutdown"
options:
node_name: security_suite
36:
action: node-startup
options:
node_name: security_suite
37:
action: node-reset
options:
node_name: security_suite
38:
action: "node-os-scan"
options:
node_name: client_1
39: # old action num: 19 # shutdown client 1
action: "node-shutdown"
options:
node_name: client_1
40: # old action num: 20
action: node-startup
options:
node_name: client_1
41: # old action num: 21
action: node-reset
options:
node_name: client_1
42:
action: "node-os-scan"
options:
node_name: client_2
43:
action: "node-shutdown"
options:
node_name: client_2
44:
action: node-startup
options:
node_name: client_2
45:
action: node-reset
options:
node_name: client_2
46: # old action num: 22 # "acl: ADDRULE - Block outgoing traffic from client 1"
action: "router-acl-add-rule"
options:
target_router: router_1
position: 0
permission: DENY
src_ip: 192.168.10.21 # client 1
dst_ip: ALL # ALL
src_port: ALL
dst_port: ALL
protocol_name: ALL
src_wildcard: NONE
dst_wildcard: NONE
47: # old action num: 23 # "acl: ADDRULE - Block outgoing traffic from client 2"
action: "router-acl-add-rule"
options:
target_router: router_1
position: 1
permission: DENY
src_ip: 192.168.10.22 # client 2
dst_ip: ALL # ALL
src_port: ALL
dst_port: ALL
protocol_name: ALL
src_wildcard: NONE
dst_wildcard: NONE
48: # old action num: 24 # block tcp traffic from client 1 to web app
action: "router-acl-add-rule"
options:
target_router: router_1
position: 2
permission: DENY
src_ip: 192.168.10.21 # client 1
dst_ip: 192.168.1.12 # web server
src_port: ALL
dst_port: ALL
protocol_name: TCP
src_wildcard: NONE
dst_wildcard: NONE
49: # old action num: 25 # block tcp traffic from client 2 to web app
action: "router-acl-add-rule"
options:
target_router: router_1
position: 3
permission: DENY
src_ip: 192.168.10.22 # client 2
dst_ip: 192.168.1.12 # web server
src_port: ALL
dst_port: ALL
protocol_name: TCP
src_wildcard: NONE
dst_wildcard: NONE
50: # old action num: 26
action: "router-acl-add-rule"
options:
target_router: router_1
position: 4
permission: DENY
src_ip: 192.168.10.21 # client 1
dst_ip: 192.168.1.14 # database
src_port: ALL
dst_port: ALL
protocol_name: TCP
src_wildcard: NONE
dst_wildcard: NONE
51: # old action num: 27
action: "router-acl-add-rule"
options:
target_router: router_1
position: 5
permission: DENY
src_ip: 192.168.10.22 # client 2
dst_ip: 192.168.1.14 # database
src_port: ALL
dst_port: ALL
protocol_name: TCP
src_wildcard: NONE
dst_wildcard: NONE
52: # old action num: 28
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 0
53: # old action num: 29
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 1
54: # old action num: 30
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 2
55: # old action num: 31
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 3
56: # old action num: 32
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 4
57: # old action num: 33
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 5
58: # old action num: 34
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 6
59: # old action num: 35
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 7
60: # old action num: 36
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 8
61: # old action num: 37
action: "router-acl-remove-rule"
options:
target_router: router_1
position: 9
62: # old action num: 38
action: "host-nic-disable"
options:
node_name: domain_controller
nic_num: 1
63: # old action num: 39
action: "host-nic-enable"
options:
node_name: domain_controller
nic_num: 1
64: # old action num: 40
action: "host-nic-disable"
options:
node_name: web_server
nic_num: 1
65: # old action num: 41
action: "host-nic-enable"
options:
node_name: web_server
nic_num: 1
66: # old action num: 42
action: "host-nic-disable"
options:
node_name: database_server
nic_num: 1
67: # old action num: 43
action: "host-nic-enable"
options:
node_name: database_server
nic_num: 1
68: # old action num: 44
action: "host-nic-disable"
options:
node_name: backup_server
nic_num: 1
69: # old action num: 45
action: "host-nic-enable"
options:
node_name: backup_server
nic_num: 1
70: # old action num: 46
action: "host-nic-disable"
options:
node_name: security_suite
nic_num: 1
71: # old action num: 47
action: "host-nic-enable"
options:
node_name: security_suite
nic_num: 1
72: # old action num: 48
action: "host-nic-disable"
options:
node_name: security_suite
nic_num: 2
73: # old action num: 49
action: "host-nic-enable"
options:
node_name: security_suite
nic_num: 2
74: # old action num: 50
action: "host-nic-disable"
options:
node_name: client_1
nic_num: 1
75: # old action num: 51
action: "host-nic-enable"
options:
node_name: client_1
nic_num: 1
76: # old action num: 52
action: "host-nic-disable"
options:
node_name: client_2
nic_num: 1
77: # old action num: 53
action: "host-nic-enable"
options:
node_name: client_2
nic_num: 1
reward_function:
reward_components:
- type: database-file-integrity
weight: 0.40
options:
node_hostname: database_server
folder_name: database
file_name: database.db
- type: shared-reward
weight: 1.0
options:
agent_name: client_1_green_user
- type: shared-reward
weight: 1.0
options:
agent_name: client_2_green_user
agent_settings:
flatten_obs: true
action_masking: true
simulation:
network:
nmne_config:
capture_nmne: true
nmne_capture_keywords:
- DELETE
nodes:
- hostname: router_1
type: router
num_ports: 5
ports:
1:
ip_address: 192.168.1.1
subnet_mask: 255.255.255.0
2:
ip_address: 192.168.10.1
subnet_mask: 255.255.255.0
acl:
18:
action: PERMIT
src_port: POSTGRES_SERVER
dst_port: POSTGRES_SERVER
19:
action: PERMIT
src_port: DNS
dst_port: DNS
20:
action: PERMIT
src_port: FTP
dst_port: FTP
21:
action: PERMIT
src_port: HTTP
dst_port: HTTP
22:
action: PERMIT
src_port: ARP
dst_port: ARP
23:
action: PERMIT
protocol: ICMP
- hostname: switch_1
type: switch
num_ports: 8
- hostname: switch_2
type: switch
num_ports: 8
- hostname: domain_controller
type: server
ip_address: 192.168.1.10
subnet_mask: 255.255.255.0
default_gateway: 192.168.1.1
services:
- type: dns-server
options:
domain_mapping:
arcd.com: 192.168.1.12 # web server
- hostname: web_server
type: server
ip_address: 192.168.1.12
subnet_mask: 255.255.255.0
default_gateway: 192.168.1.1
dns_server: 192.168.1.10
services:
- type: web-server
applications:
- type: database-client
options:
db_server_ip: 192.168.1.14
- hostname: database_server
type: server
ip_address: 192.168.1.14
subnet_mask: 255.255.255.0
default_gateway: 192.168.1.1
dns_server: 192.168.1.10
services:
- type: database-service
options:
backup_server_ip: 192.168.1.16
- type: ftp-client
- hostname: backup_server
type: server
ip_address: 192.168.1.16
subnet_mask: 255.255.255.0
default_gateway: 192.168.1.1
dns_server: 192.168.1.10
services:
- type: ftp-server
- hostname: security_suite
type: server
ip_address: 192.168.1.110
subnet_mask: 255.255.255.0
default_gateway: 192.168.1.1
dns_server: 192.168.1.10
network_interfaces:
2: # unfortunately this number is currently meaningless, they're just added in order and take up the next available slot
ip_address: 192.168.10.110
subnet_mask: 255.255.255.0
- hostname: client_1
type: computer
ip_address: 192.168.10.21
subnet_mask: 255.255.255.0
default_gateway: 192.168.10.1
dns_server: 192.168.1.10
applications:
- type: data-manipulation-bot
options:
port_scan_p_of_success: 0.8
data_manipulation_p_of_success: 0.8
payload: "DELETE"
server_ip: 192.168.1.14
- type: web-browser
options:
target_url: http://arcd.com/users/
- type: database-client
options:
db_server_ip: 192.168.1.14
services:
- type: dns-client
- hostname: client_2
type: computer
ip_address: 192.168.10.22
subnet_mask: 255.255.255.0
default_gateway: 192.168.10.1
dns_server: 192.168.1.10
applications:
- type: web-browser
options:
target_url: http://arcd.com/users/
- type: data-manipulation-bot
options:
port_scan_p_of_success: 0.8
data_manipulation_p_of_success: 0.8
payload: "DELETE"
server_ip: 192.168.1.14
- type: database-client
options:
db_server_ip: 192.168.1.14
services:
- type: dns-client
links:
- endpoint_a_hostname: router_1
endpoint_a_port: 1
endpoint_b_hostname: switch_1
endpoint_b_port: 8
- endpoint_a_hostname: router_1
endpoint_a_port: 2
endpoint_b_hostname: switch_2
endpoint_b_port: 8
- endpoint_a_hostname: switch_1
endpoint_a_port: 1
endpoint_b_hostname: domain_controller
endpoint_b_port: 1
- endpoint_a_hostname: switch_1
endpoint_a_port: 2
endpoint_b_hostname: web_server
endpoint_b_port: 1
- endpoint_a_hostname: switch_1
endpoint_a_port: 3
endpoint_b_hostname: database_server
endpoint_b_port: 1
- endpoint_a_hostname: switch_1
endpoint_a_port: 4
endpoint_b_hostname: backup_server
endpoint_b_port: 1
- endpoint_a_hostname: switch_1
endpoint_a_port: 7
endpoint_b_hostname: security_suite
endpoint_b_port: 1
- endpoint_a_hostname: switch_2
endpoint_a_port: 1
endpoint_b_hostname: client_1
endpoint_b_port: 1
- endpoint_a_hostname: switch_2
endpoint_a_port: 2
endpoint_b_hostname: client_2
endpoint_b_port: 1
- endpoint_a_hostname: switch_2
endpoint_a_port: 7
endpoint_b_hostname: security_suite
endpoint_b_port: 2
Reference in New Issue View Git Blame Copy Permalink