Incorporating Deception into CyberBattleSim for Autonomous Defense
This work addresses the challenge of reproducible testing for attack and defense algorithms in simulated enterprise networks. It is incremental, since it builds on an existing platform.
The researchers tackled the problem of testing autonomous cyber defense by incorporating deceptive elements such as honeypots and decoys into the Microsoft CyberBattleSim platform. They found that the attacker's progress depended on the number and location of these elements; the results show this dependency, but no specific numerical gains are reported.
Deceptive elements, including honeypots and decoys, were incorporated into the Microsoft CyberBattleSim experimentation and research platform. The defensive capabilities of the deceptive elements were tested using reinforcement-learning-based attackers in the provided capture-the-flag environment. The attacker's progress was found to be dependent on the number and location of the deceptive elements. This is a promising step toward reproducibly testing attack and defense algorithms in a simulated enterprise network with deceptive defensive elements.