Simulating cyber attacks and countermeasures using Cyber Operations Research Gym (CybORG)

From ISLAB/CAISR
Title: Simulating cyber attacks and countermeasures using Cyber Operations Research Gym (CybORG)
Summary: Develop a simulation-based study of cyber attacks and countermeasures in CybORG, comparing baseline scripted defenses with reinforcement learning–based adaptive defenders to identify effective strategies for protecting networked systems.
References:
Quantitative Resilience Modeling for Autonomous Cyber Defense: https://rlj.cs.umass.edu/2025/papers/RLJ_RLC_2025_99.pdf
Interpreting Agent Behaviors in Reinforcement-Learning-Based Cyber-Battle Simulation Platforms: https://arxiv.org/html/2506.08192v1
CybORG: https://github.com/cage-challenge/cyborg?utm_source=chatgpt.com
Supervisor: Edison Pignaton de Freitas
Level: Master
Status: Open


Work in partnership with the Fraunhofer FKIE Institute in Bonn, Germany

Project Goal: Develop a simulation-based study of cyber attacks and countermeasures in CybORG, comparing baseline scripted defenses with reinforcement learning–based adaptive defenders to identify effective strategies for protecting networked systems.

Proposed Solution & Specific Tasks:

Set up CybORG environment: Install CybORG and become familiar with its baseline scenarios (e.g., red team exploiting vulnerable hosts, blue team defending services). Select representative scenarios (e.g., privilege escalation, lateral movement, persistence).

Model Attacks: Implement or tune red-team agents using scripted attack strategies (e.g., scanning, brute force, exploit chaining). Explore adaptive attackers using RL (e.g., Deep Q-Networks, PPO).

Design Defenses: Implement baseline defenses (patching, service monitoring, port blocking). Develop blue-team agents with reinforcement learning to dynamically choose defense actions (e.g., isolate host, restart service, deception).

Experimentation: Run controlled experiments where red-team agents attack and blue-team agents defend. Compare performance across different strategies (static rules vs. adaptive RL).

Analysis & Visualization: Collect metrics on attacker success rate, defender cost, time-to-compromise, and system availability. Visualize attack-defense dynamics over simulation episodes.

Evaluation Criteria

Defensive Effectiveness: Reduction in attacker success rate (% of compromised hosts). Mean time to compromise (MTTC) improvements.

Efficiency: Resource overhead of defenses (CPU, memory, action cost in CybORG).

Adaptability: Ability of RL-based defenders to learn effective countermeasures against novel attack patterns.

Comparative Performance: Benchmark RL defenders vs. rule-based defenders. Benchmark scripted attackers vs. adaptive RL attackers.
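
A sketch of how the Defensive Effectiveness metrics above could be computed from episode records, added here as an illustration and not taken from CybORG or the project. The host names, defender labels, episode data and the 30-step horizon are constructed assumptions. It shows why MTTC needs care: hosts that are never compromised are censored, and averaging only over compromised hosts can make the better defender look worse.

```python
# Added example with constructed data; nothing here is CybORG output or CybORG API.
HORIZON = 30  # assumed episode length in simulation steps

# defender label -> list of episodes; each episode maps a host to the step of
# its first compromise, or None if it survived the whole episode (censored).
EPISODES = {
    "scripted": [
        {"ws": 2, "web": 9, "db": 21},
        {"ws": 3, "web": 12, "db": None},
    ],
    "rl": [
        {"ws": 4, "web": None, "db": None},
        {"ws": 2, "web": 20, "db": None},
    ],
}


def summarize(episodes, horizon=HORIZON):
    """Aggregate per-host outcomes over all episodes of one defender."""
    times = [t for ep in episodes for t in ep.values()]
    hit = [t for t in times if t is not None]
    return {
        # fraction of (episode, host) pairs the attacker compromised
        "success_rate": len(hit) / len(times),
        # naive MTTC: mean over compromised hosts only, ignores survivors
        "naive_mttc": sum(hit) / len(hit) if hit else None,
        # restricted MTTC: survivors counted at the horizon, which is a
        # lower bound on their true time to compromise
        "restricted_mttc": sum(horizon if t is None else t for t in times) / len(times),
        "censored": len(times) - len(hit),
    }


def relative_reduction(baseline, candidate):
    """Relative drop in attacker success rate versus the baseline defender."""
    b = baseline["success_rate"]
    return (b - candidate["success_rate"]) / b if b else 0.0


if __name__ == "__main__":
    base, rl = summarize(EPISODES["scripted"]), summarize(EPISODES["rl"])
    for name, s in (("scripted", base), ("rl", rl)):
        print(name, {k: round(v, 2) if isinstance(v, float) else v for k, v in s.items()})
    print("relative reduction in success rate:", round(relative_reduction(base, rl), 2))
```

On this constructed data the naive MTTC ranks the RL defender below the scripted one, while the restricted MTTC and the success rate rank it above, so the number of censored hosts should be reported alongside any MTTC figure.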

Tools & Frameworks

Simulation Environment: CybORG (Python-based cyber operations simulator).

Reinforcement Learning: Stable Baselines3 (PPO, DQN, A2C) or Ray RLlib for scalability.

Visualization & Analysis: Matplotlib, NetworkX (for network attack graphs), TensorBoard.

Expected Contributions

A reproducible simulation framework for testing cyber attack/defense strategies in CybORG. Empirical insights on when adaptive defense outperforms static defense. Recommendations for deploying RL-based defenses in real-world cyber ranges.