Here, you can see the details of all components of the NetSetEnvironment and their usage. These components are located in game_components.py.
The following classes are used in the game to hold information about the state of the game. They are used both in the Actions and GameState.
IP is immutable object that represents an IPv4 object in the NetSecGame. It has a single parameter of the address in a dot-decimal notation (4 octet represeted as decimal value separeted by dots).
Example: ip = IP("192.168.1.1")
Network is immutable object that represents an IPv4 network object in the NetSecGame. It has 2 parameters:
network_ip:strrepresenting the IPv4 address of the network.mask:intrepresenting the mask in the CIDR notation.
Example: net = Network("192.168.1.0", 24)
Service class holds information about services running in hosts. Each Service has four parameters:
name:str - Name of the service (e.g., "SSH")type:str -passiveoractive. Currently not being used.version:str - version of the service.is_local:bool - flag specifying if the service is local only. (ifTrue, service is NOT visible without controlling the host).
Example: s = Service('postgresql', 'passive', '14.3.0', False)
Data class holds information about datapoints (files) present in the NetSecGame. Datapoints DO NOT hold the content of files. Each data instance has two parameters:
owner:str - specifying the user who owns this datapointid: str - unique identifier of the datapoint in a hostsize: int - size of the datapoint (optional, default=0)type: str - identification of a type of the file (optional, default="")
Examples:Data("User1", "DatabaseData"), Data("User1", "DatabaseData", size=42, type="txt")
GameState is an object that represents a view of the NetSecGame environment in a given state. It is constructed as a collection of 'assets' available to the agent. GameState has following parts:
known_networks: Set of Network objects that the agent is aware ofknown_hosts: Set of IP objects that the agent is aware ofcontrolled_hosts: Set of IP objetcs that the agent has control over. Note thatcontrolled_hostsis a subset ofknown_hosts.known_services: Dictionary of services that the agent is aware of. The dictionary format: {IP: {Service}} where IP object is a key and the value is a set of Service objects located in theIP.known_data: Dictionary of data instances that the agent is aware of. The dictionary format: {IP: {Data}} where IP object is a key and the value is a set of Data objects located in theIP.known_blocks: Dictionary of firewall blocks the agent is aware of. It is a dictionary with format: {target_IP: {blocked_IP,blocked_IP}}. Wheretarget_IPis the IP where the FW rule was applied (usually a router) andblocked_IPis the IP address that is blocked. For now the blocks happen in both input and output direction simultaneously.
Actions are the objects sent by the agents to the environment. Each action is evaluated by AIDojo and executed if
- Is a valid Action
- Can be processed in the current state of the environment
In all cases, when an agent sends an action to AIDojo, it is given a response.
The Action class is defined in game_components.py. It has two basic parts:
- ActionType:Enum
- parameters:dict
ActionType is unique Enum that determines what kind of action is agent playing. Parameters are passed in a dictionary as follows.
- JoinGame, params={
agent_info:AgentInfo(<name>, <role>)}: Used to register agent in a game with a given <role>. - QuitGame, params={}: Used for termination of agent's interaction.
- ResetGame, params={
request_trajectory:bool}: Used for requesting reset of the game to it's initial position. Ifrequest_trajectory = True, the coordinator will send back the complete trajectory of the previous run in the next message.
- ScanNetwork, params{
source_host:<IP>,target_network:<Network>}: Scans the given <Network> from a specified source host. Discovers ALL hosts in a network that are accessible from <IP>. If successful, returns set of discovered <IP> objects. - FindServices, params={
source_host:<IP>,target_host:<IP>}: Used to discover ALL services running in thetarget_hostif the host is accessible fromsource_host. If successful, returns a set of all discovered <Service> objects. - FindData, params={
source_host:<IP>,target_host:<IP>}: Searchestarget_hostfor data. Ifsource_hostdiffers fromtarget_host, success depends on accessability from thesource_host. If successful, returns a set of all discovered <Data> objects. - ExploitService, params={
source_host:<IP>,target_host:<IP>,taget_service:<Service>}: Exploitstarget_servicein a specifiedtarget_host. If successful, the attacker gains control of thetarget_host. - ExfiltrateData, params{
source_host:<IP>,target_host:<IP>,data:<Data>}: Copiesdatafrom thesource_hosttotarget_hostIF both are controlled andtarget_hostis accessible fromsource_host.
In the following table, we describe the effects of selected actions and their preconditions. Note that if the preconditions are not satisfied, the actions's effects are not applied.
| Action | Params | Preconditions | Effects |
|---|---|---|---|
| ScanNetwork | source_host, target_network |
source_host ∈ controlled_hosts |
extends known_networks |
| FindServices | source_host, target_host |
source_host ∈ controlled_hosts |
extends known_services AND known_hosts |
| FindData | source_host, target_host |
source_host, target_host ∈ controlled_hosts |
extends known_data |
| Exploit Service | source_host, target_host, target_service |
source_host ∈ controlled_hosts |
extends controlled_hosts with target_host |
| ExfiltrateData | source_host,target_host, data |
source_host, target_host ∈ controlled_hosts AND data ∈ known_data |
extends known_data[target_host] with data |
- When playing the
ExploitServiceaction, it is expected that the agent has discovered this service before (by playingFindServicesin thetarget_hostbefore this action) - The
Find Dataaction finds all the available data in the host if successful. - The
Find Dataaction requires ownership of the target host. - Playing
ExfiltrateDatarequires controlling BOTH source and target hosts - Playing
Find Servicescan be used to discover hosts (if those have any active services) - Parameters of
ScanNetworkandFindServicescan be chosen arbitrarily (they don't have to be listed inknown_newtworks/known_hosts)
After submitting Action a to the environment, agents receive an Observation in return. Each observation consists of 4 parts:
state:Gamestate- with the current view of the environment statereward:int- with the immediate reward agent gets for playing Actionaend:bool- indicating if the interaction can continue after playing Actionainfo:dict- placeholder for any information given to the agent (e.g., the reason whyend is True)