From 8e32898a654ce81808a10d69f7cd8a197db95926 Mon Sep 17 00:00:00 2001 From: Ondrej Lukas Date: Mon, 30 Jun 2025 12:29:20 +0200 Subject: [PATCH 1/4] Store logs inside ./logs --- AIDojoCoordinator/worlds/NSEGameCoordinator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AIDojoCoordinator/worlds/NSEGameCoordinator.py b/AIDojoCoordinator/worlds/NSEGameCoordinator.py index 1bb6e066..def4e401 100644 --- a/AIDojoCoordinator/worlds/NSEGameCoordinator.py +++ b/AIDojoCoordinator/worlds/NSEGameCoordinator.py @@ -932,7 +932,7 @@ async def reset(self)->bool: args = parser.parse_args() print(args) # Set the logging - log_filename = Path("NSG_coordinator.log") + log_filename = Path("logs/NSG_coordinator.log") if not log_filename.parent.exists(): os.makedirs(log_filename.parent) From 98e7f4da76a995311b3a7937d531491cd932714a Mon Sep 17 00:00:00 2001 From: Ondrej Lukas Date: Mon, 30 Jun 2025 13:40:37 +0200 Subject: [PATCH 2/4] Update docker file commands --- Dockerfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 45677cae..da5ece74 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,10 +20,11 @@ WORKDIR ${DESTINATION_DIR} # Install any necessary Python dependencies # If a requirements.txt file is in the repository -RUN if [ -f requirements.txt ]; then pip install --no-cache-dir -r requirements.txt; fi +RUN if [ -f pyproject.toml ]; then pip install . ; fi -# change the server ip to 0.0.0.0 -RUN sed -i 's/"host": "127.0.0.1"/"host": "0.0.0.0"/' coordinator.conf +# Expose the port the coordinator will run on +EXPOSE 9000 # Run the Python script when the container launches -CMD ["python3", "coordinator.py"] +CMD ["python3", "-m", "AIDojoCoordinator.worlds.NSEGameCoordinator", "--task_config=netsecenv_conf.yaml", "--game_port=9000", "--game_host=0.0.0.0"] + From 7d3745d9cdef0f508ad861b272248b1bb1c2cd02 Mon Sep 17 00:00:00 2001 From: Ondrej Lukas Date: Mon, 30 Jun 2025 13:40:52 +0200 Subject: [PATCH 3/4] Use netaddr version compatible with cyst --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index c09d7c7e..b4810852 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -28,7 +28,7 @@ dependencies = [ "kaleido==0.2.1", "MarkupSafe==3.0.2", "matplotlib==3.9.1", - "netaddr==1.3.0", + "netaddr==0.9.0", "networkx==3.4.2", "numpy==1.26.4", "pandas==2.2.2", From 5344f73c37c742ce392e26ae498a9d67a8acfebb Mon Sep 17 00:00:00 2001 From: Ondrej Lukas Date: Mon, 30 Jun 2025 14:40:07 +0200 Subject: [PATCH 4/4] Add information in the readme --- README.md | 46 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 1fcb26da..1394a188 100755 --- a/README.md +++ b/README.md @@ -8,32 +8,52 @@ The main part of he NetSecGame is the Game coordinator. It creates the enivronem ## Installation and Dependencies To run this code you need an environment and access to cyst code. However, the venv needs to be created for your own user - -- If you don't have your environment - +### Installing in Pyton virtual environment +1. Create the [virual envtironment](https://docs.python.org/3/library/venv.html): ```bash python -m venv ai-dojo-venv- ``` - -- The environment can be activated with - +2. Activate the venv: ```bash source ai-dojo-venv/bin/activate ``` - -- Install using pip by running following in the **root** directory - +3. Install with pip: ```bash pip install -e . ``` - -- If you use conda use +### Installing with Conda +1. Create conda environment ```bash conda create --name aidojo python==3.12 +``` +2. Activate it +```bash conda activate aidojo +``` +3. Install the package +```bash pip install -e . ``` +### Running in Docker +You can run the coordinator in a Docker container +Build the Contaier (run from the *root* of the project) locally. +```bash +docker build -t aidojo-nsg-coordinator:latest . +``` + +or pull the image from Dockerhub +```bash +docker pull lukasond/aidojo-coordinator:1.0.2 +``` + +## Running the game: +There are currently two variants of how you can run the game: +- Network Security Game - pure simulation +- CYST-based Environment - simulation + emulation + +### Running Network Security Game +1. Prepare the task configuration file (see ) ## Components of the NetSecGame Environment The architecture of the environment can be seen [here](docs/Architecture.md). The NetSecGame environment has several components in the following files: @@ -77,6 +97,7 @@ Predefined scenario configurations: - `scenario_configuration.py`: The main scenario configuration. - `three_net_configuration.py`: Configuration for a three-network scenario. Used for evaluation of the model overfitting. Implements the network game's configuration of hosts, data, services, and connections. It is taken from [CYST](https://pypi.org/project/cyst/). + #### **`utils/`** Helper modules: - `utils.py`: General-purpose utilities. @@ -87,6 +108,9 @@ Helper modules: The [scenarios](#definition-of-the-network-topology) define the **topology** of a network (number of hosts, connections, networks, services, data, users, firewall rules, etc.) while the [task-configuration](#task-configuration) is to be used for definition of the exact task for the agent in one of the scenarios (with fix topology). - Agents compatible with the NetSecGame are located in a separate repository [NetSecGameAgents](https://github.com/stratosphereips/NetSecGameAgents/tree/main) + + + ### Assumptions of the NetSecGame 1. NetSecGame works with the closed-world assumption. Only the defined entities exist in the simulation. 2. If the attacker does a successful action in the same step that the defender successfully detects the action, the priority goes to the defender. The reward is a penalty, and the game ends.