From 9ee50720a58cfa9aa625740a6d0404e947f401a0 Mon Sep 17 00:00:00 2001 From: Joakim Loxdal Date: Wed, 22 Jan 2025 13:54:19 +0100 Subject: [PATCH 1/2] Update scenarios for new scenario format in MalSimulator --- scenarios/coreLang/demo1/demo1_scenario.yml | 14 +- .../demo1_scenario_with_observability.yml | 17 +- .../demo2_scenario_with_observability.yml | 15 +- scenarios/trainingLang/demo2/demo2_model.yml | 295 ------------------ .../trainingLang/demo2/demo2_scenario.yml | 65 ---- .../scenario.yml | 14 +- .../scenario-data-on-one-host/scenario.yml | 13 +- .../scenario.yml | 12 +- .../scenario.yml | 14 +- .../scenario.yml | 15 +- .../scenario-phishing-one-host/scenario.yml | 14 +- .../scenario-phishing-one-host/scenario2.yml | 12 +- .../demo2_scenario_with_observability.yml | 14 +- .../scenario-two-hosts-network/scenario.yml | 34 +- .../scenario_converged.yml | 14 +- 15 files changed, 136 insertions(+), 426 deletions(-) delete mode 100644 scenarios/trainingLang/demo2/demo2_model.yml delete mode 100644 scenarios/trainingLang/demo2/demo2_scenario.yml diff --git a/scenarios/coreLang/demo1/demo1_scenario.yml b/scenarios/coreLang/demo1/demo1_scenario.yml index 8ceddbb..5cc4001 100644 --- a/scenarios/coreLang/demo1/demo1_scenario.yml +++ b/scenarios/coreLang/demo1/demo1_scenario.yml @@ -4,9 +4,6 @@ lang_file: ../../../langs/org.mal-lang.coreLang-1.0.0.mar model_file: demo1_model.json -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' - # Rewards for each attack step (same as in run_demo.py) rewards: ca:read: 1 @@ -61,3 +58,14 @@ rewards: hq06:modify: 4 hq06:deny: 3 hq06:notPresent: 3 + +agents: + 'Attacker1': + type: 'attacker' + agent_class: 'BreadthFirstAttacker' + entry_points: + - www:fullAccess + + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file 
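Review bot: The `agents:` block appended to `scenarios/coreLang/demo1/demo1_scenario.yml` leaves the file without a trailing newline (`\ No newline at end of file`), and the same marker appears on most of the other scenario files in this patch. The new blocks also mix quoting: here `type: 'attacker'` with an unquoted `- www:fullAccess`, elsewhere `type: attacker`, `agent_class: BreadthFirstAttacker` and quoted entry points such as `- 'User:3:phishing'`. Pick one form for the whole set and end each file with a newline. Quoting the entry points, e.g. `- 'www:fullAccess'`, keeps the colon-containing step identifiers unambiguous as strings.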
diff --git a/scenarios/coreLang/demo1/demo1_scenario_with_observability.yml b/scenarios/coreLang/demo1/demo1_scenario_with_observability.yml index 4506110..bd6d093 100644 --- a/scenarios/coreLang/demo1/demo1_scenario_with_observability.yml +++ b/scenarios/coreLang/demo1/demo1_scenario_with_observability.yml @@ -1,9 +1,6 @@ lang_file: ../../../langs/org.mal-lang.coreLang-1.0.0.mar model_file: demo1_model.json -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' - rewards: ca:read: 1 ca:fullAccess: 5 @@ -58,7 +55,19 @@ rewards: hq06:deny: 3 hq06:notPresent: 3 -observable_attack_steps: +observable_steps: by_asset_type: Application: - fullAccess + +agents: + 'Attacker1': + type: 'attacker' + agent_class: 'BreadthFirstAttacker' + entry_points: + - www:fullAccess + + + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' diff --git a/scenarios/coreLang/demo2/demo2_scenario_with_observability.yml b/scenarios/coreLang/demo2/demo2_scenario_with_observability.yml index 42b244b..66ab3ef 100644 --- a/scenarios/coreLang/demo2/demo2_scenario_with_observability.yml +++ b/scenarios/coreLang/demo2/demo2_scenario_with_observability.yml @@ -1,9 +1,6 @@ lang_file: ../../../langs/org.mal-lang.coreLang-1.0.0.mar model_file: 2024_11_01_15_15_generated_model.yml -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' - rewards: ap01:read: 2 ap01:fullAccess: 4 @@ -103,3 +100,15 @@ actionable_steps: by_asset_type: Application: - notPresent + +agents: + + 'Attacker1': + type: 'attacker' + agent_class: 'BreadthFirstAttacker' + entry_points: + - flightlogs:fullAccess + + 'Defender1': + type: 'defender' + defender_agent_class: 'KeyboardAgent' diff --git a/scenarios/trainingLang/demo2/demo2_model.yml b/scenarios/trainingLang/demo2/demo2_model.yml deleted file mode 100644 index 5f5e8d1..0000000 --- a/scenarios/trainingLang/demo2/demo2_model.yml +++ /dev/null 
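Review bot: In `scenarios/coreLang/demo2/demo2_scenario_with_observability.yml`, the `Defender1` entry of the added `agents:` block still uses the old key, `defender_agent_class: 'KeyboardAgent'`, while every other agent entry in this patch uses `agent_class`. If the new loader reads only `agent_class` (the loader is not visible here), this defender would either load with no agent class or the file would be rejected. Change the line to `agent_class: 'KeyboardAgent'`. A scenario that runs without the defender it was meant to have gives misleading results for the defensive policy under evaluation, so it is also worth checking that the loader rejects unknown keys under an agent rather than ignoring them.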
@@ -1,295 +0,0 @@ -assets: - 0: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap01 - type: Host - 1: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap02 - type: Host - 2: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap03 - type: Host - 3: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap04 - type: Host - 4: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap05 - type: Host - 5: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap06 - type: Host - 6: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap07 - type: Host - 7: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap08 - type: Host - 8: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap09 - type: Host - 9: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap10 - type: Host - 10: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap11 - type: Host - 11: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap12 - type: Host - 12: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap13 - type: Host - 13: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap14 - type: Host - 14: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap15 - type: Host - 15: - associated_assets: - networks: - 31: 134.24.3.0/24 - name: ap16 - type: Host - 16: - associated_assets: - networks: - 32: 134.24.4.0/24 - name: ca - type: Host - 17: - associated_assets: - networks: - 32: 134.24.4.0/24 - name: db - type: Host - 18: - associated_assets: - networks: - 32: 134.24.4.0/24 - name: dc - type: Host - 19: - associated_assets: - networks: - 32: 134.24.4.0/24 - name: files - type: Host - 20: - associated_assets: - networks: - 32: 134.24.4.0/24 - name: flightlogs - type: Host - 21: - associated_assets: - networks: - 31: 134.24.3.0/24 - 32: 134.24.4.0/24 - 33: 52.33.204.0/24 - 34: 134.24.2.0/24 - 35: 134.24.17.0/24 - name: fw1 - type: Host - 22: - associated_assets: - 
networks: - 32: 134.24.4.0/24 - name: mail - type: Host - 23: - associated_assets: - networks: - 34: 134.24.2.0/24 - name: mailrelay - type: Host - 24: - associated_assets: - networks: - 34: 134.24.2.0/24 - name: payroll - type: Host - 25: - associated_assets: - networks: - 35: 134.24.17.0/24 - name: snort-dmz - type: Host - 26: - associated_assets: - networks: - 35: 134.24.17.0/24 - name: snort-ext - type: Host - 27: - associated_assets: - networks: - 35: 134.24.17.0/24 - name: snort-hqclient - type: Host - 28: - associated_assets: - networks: - 35: 134.24.17.0/24 - name: snort-srv - type: Host - 29: - associated_assets: - networks: - 34: 134.24.2.0/24 - name: timereporter - type: Host - 30: - associated_assets: - networks: - 34: 134.24.2.0/24 - name: weborder - type: Host - 31: - associated_assets: - fromNetworks: - 31: 134.24.3.0/24 - 32: 134.24.4.0/24 - 34: 134.24.2.0/24 - 35: 134.24.17.0/24 - hosts: - 0: ap01 - 1: ap02 - 2: ap03 - 3: ap04 - 4: ap05 - 5: ap06 - 6: ap07 - 7: ap08 - 8: ap09 - 9: ap10 - 10: ap11 - 11: ap12 - 12: ap13 - 13: ap14 - 14: ap15 - 15: ap16 - 21: fw1 - toNetworks: - 31: 134.24.3.0/24 - 32: 134.24.4.0/24 - 34: 134.24.2.0/24 - 35: 134.24.17.0/24 - name: 134.24.3.0/24 - type: Network - 32: - associated_assets: - fromNetworks: - 31: 134.24.3.0/24 - 34: 134.24.2.0/24 - 35: 134.24.17.0/24 - hosts: - 16: ca - 17: db - 18: dc - 19: files - 20: flightlogs - 21: fw1 - 22: mail - toNetworks: - 31: 134.24.3.0/24 - 34: 134.24.2.0/24 - 35: 134.24.17.0/24 - name: 134.24.4.0/24 - type: Network - 33: - associated_assets: - hosts: - 21: fw1 - name: 52.33.204.0/24 - type: Network - 34: - associated_assets: - fromNetworks: - 31: 134.24.3.0/24 - 32: 134.24.4.0/24 - 34: 134.24.2.0/24 - 35: 134.24.17.0/24 - hosts: - 21: fw1 - 23: mailrelay - 24: payroll - 29: timereporter - 30: weborder - toNetworks: - 31: 134.24.3.0/24 - 32: 134.24.4.0/24 - 34: 134.24.2.0/24 - 35: 134.24.17.0/24 - name: 134.24.2.0/24 - type: Network - 35: - associated_assets: - fromNetworks: - 
31: 134.24.3.0/24 - 32: 134.24.4.0/24 - 34: 134.24.2.0/24 - hosts: - 21: fw1 - 25: snort-dmz - 26: snort-ext - 27: snort-hqclient - 28: snort-srv - toNetworks: - 31: 134.24.3.0/24 - 32: 134.24.4.0/24 - 34: 134.24.2.0/24 - name: 134.24.17.0/24 - type: Network -attackers: {} -metadata: - MAL-Toolbox Version: 0.3.6 - info: Created by the mal-toolbox model python module. - langID: org.mal-lang.trainingLang - langVersion: 1.0.0 - malVersion: 0.1.0-SNAPSHOT - name: Test Model diff --git a/scenarios/trainingLang/demo2/demo2_scenario.yml b/scenarios/trainingLang/demo2/demo2_scenario.yml deleted file mode 100644 index 208470e..0000000 --- a/scenarios/trainingLang/demo2/demo2_scenario.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -lang_file: ../../../langs/org.mal-lang.trainingLang-1.0.0.mar -model_file: demo2_model.yml - -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' - -rewards: - ap01:access: 1000 - ap01:notPresent: 3 - ap02:access: 1000 - ap02:notPresent: 3 - ap03:access: 1000 - ap03:notPresent: 3 - ap04:access: 1000 - ap04:notPresent: 3 - ap05:access: 1000 - ap05:notPresent: 3 - ap06:access: 1000 - ap06:notPresent: 3 - ap07:access: 1000 - ap07:notPresent: 3 - ap08:access: 1000 - ap08:notPresent: 3 - ap09:access: 1000 - ap09:notPresent: 3 - ap10:access: 1000 - ap10:notPresent: 3 - ap11:access: 1000 - ap11:notPresent: 3 - ap12:access: 1000 - ap12:notPresent: 3 - ap13:access: 1000 - ap13:notPresent: 3 - ap14:access: 1000 - ap14:notPresent: 3 - ap15:access: 1000 - ap15:notPresent: 3 - ap16:access: 1000 - ap16:notPresent: 3 - ca:access: 1000 - ca:notPresent: 4 - dc:access: 1000 - dc:notPresent: 3 - files:access: 1000 - files:notPresent: 3 - flightlogs:access: 1000 - flightlogs:notPresent: 5 - timereporter:access: 1000 - timereporter:notPresent: 5 - weborder:access: 1000 - weborder:notPresent: 2 - -attacker_entry_points: - 'TestAttacker': - - 'flightlogs:access' - -observable_steps: - by_asset_type: - Host: - - access - - notPresent -actionable_steps: - by_asset_type: - Host: - - notPresent diff --git a/scenarios/trainingLang/scenario-data-on-host-on-network/scenario.yml b/scenarios/trainingLang/scenario-data-on-host-on-network/scenario.yml index ab5c241..129b11f 100644 --- a/scenarios/trainingLang/scenario-data-on-host-on-network/scenario.yml +++ b/scenarios/trainingLang/scenario-data-on-host-on-network/scenario.yml 
@@ -9,10 +9,14 @@ rewards: Data:2:read: 100 # Create attacker and entry points in resulting AttackGraph -attacker_entry_points: +agents: 'Attacker1': - - 'User:3:phishing' - - 'Network:4:access' + type: attacker + entry_points: + - 'User:3:phishing' + - 'Network:4:access' + agent_class: BreadthFirstAttacker -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/trainingLang/scenario-data-on-one-host/scenario.yml b/scenarios/trainingLang/scenario-data-on-one-host/scenario.yml index ef4a6ac..26e4501 100644 --- a/scenarios/trainingLang/scenario-data-on-one-host/scenario.yml +++ b/scenarios/trainingLang/scenario-data-on-one-host/scenario.yml @@ -6,10 +6,13 @@ rewards: Host A:notPresent: 10 Sensitive Data:read: 100 -# Create attacker and entry points in resulting AttackGraph -attacker_entry_points: +agents: 'Attacker1': - - 'User:2:phishing' + type: attacker + entry_points: + - 'User:2:phishing' + agent_class: BreadthFirstAttacker -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/trainingLang/scenario-lateral-movement-one-network/scenario.yml b/scenarios/trainingLang/scenario-lateral-movement-one-network/scenario.yml index 48397a0..879428b 100644 --- a/scenarios/trainingLang/scenario-lateral-movement-one-network/scenario.yml +++ b/scenarios/trainingLang/scenario-lateral-movement-one-network/scenario.yml 
@@ -11,9 +11,13 @@ rewards: Host C:authenticate: 100 # Create attacker and entry points in resulting AttackGraph -attacker_entry_points: +agents: 'Attacker1': - - 'User:3:phishing' + type: attacker + entry_points: + - 'User:3:phishing' + agent_class: BreadthFirstAttacker -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/trainingLang/scenario-lateral-movement-three-networks/scenario.yml b/scenarios/trainingLang/scenario-lateral-movement-three-networks/scenario.yml index d033bc9..db28450 100644 --- a/scenarios/trainingLang/scenario-lateral-movement-three-networks/scenario.yml +++ b/scenarios/trainingLang/scenario-lateral-movement-three-networks/scenario.yml @@ -14,10 +14,14 @@ rewards: Sensitive Data C:read: 300 # Create attacker and entry points in resulting AttackGraph -attacker_entry_points: +agents: 'Attacker1': - - 'User A:phishing' - - 'Network A:access' + entry_points: + - 'User A:phishing' + - 'Network A:access' + agent_class: BreadthFirstAttacker + type: attacker -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/trainingLang/scenario-lateral-movement-two-networks-data/scenario.yml b/scenarios/trainingLang/scenario-lateral-movement-two-networks-data/scenario.yml index 36b527e..d224ecd 100644 --- a/scenarios/trainingLang/scenario-lateral-movement-two-networks-data/scenario.yml +++ b/scenarios/trainingLang/scenario-lateral-movement-two-networks-data/scenario.yml 
@@ -9,11 +9,14 @@ rewards: Data 0:read: 100 # Little secret data Data 1:read: 500 # Very secret data -# Create attacker and entry points in resulting AttackGraph -attacker_entry_points: +agents: 'Attacker1': - - 'User 0:phishing' - - 'Network 0:access' + entry_points: + - 'User 0:phishing' + - 'Network 0:access' + agent_class: BreadthFirstAttacker + type: attacker -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/trainingLang/scenario-phishing-one-host/scenario.yml b/scenarios/trainingLang/scenario-phishing-one-host/scenario.yml index 5fe9349..f7c9d5a 100644 --- a/scenarios/trainingLang/scenario-phishing-one-host/scenario.yml +++ b/scenarios/trainingLang/scenario-phishing-one-host/scenario.yml @@ -6,10 +6,14 @@ rewards: Host:0:notPresent: 10 Host:0:access: 100 -# Create attacker and entry points in resulting AttackGraph -attacker_entry_points: +# Creates attacker and entry points in resulting AttackGraph +agents: 'Attacker1': - - 'User:1:phishing' + entry_points: + - 'User:1:phishing' + agent_class: BreadthFirstAttacker + type: attacker -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/trainingLang/scenario-phishing-one-host/scenario2.yml b/scenarios/trainingLang/scenario-phishing-one-host/scenario2.yml index aafb881..0121de4 100644 --- a/scenarios/trainingLang/scenario-phishing-one-host/scenario2.yml +++ b/scenarios/trainingLang/scenario-phishing-one-host/scenario2.yml 
@@ -9,9 +9,13 @@ rewards: User:1:notPresent: 20 # Create attacker and entry points in resulting AttackGraph -attacker_entry_points: +agents: 'Attacker1': - - 'User:1:phishing' + entry_points: + - 'User:1:phishing' + agent_class: BreadthFirstAttacker + type: attacker -attacker_agent_class: 'BreadthFirstAttacker' -defender_agent_class: 'KeyboardAgent' + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/tyrLang/demo2/demo2_scenario_with_observability.yml b/scenarios/tyrLang/demo2/demo2_scenario_with_observability.yml index 3feb6d7..e44cf84 100644 --- a/scenarios/tyrLang/demo2/demo2_scenario_with_observability.yml +++ b/scenarios/tyrLang/demo2/demo2_scenario_with_observability.yml @@ -1,9 +1,6 @@ lang_file: ../../../langs/org.mal-lang.tyrLang-0.0.1.mar model_file: demo2_tyrlang_model.yml -attacker_agent_class: 'DepthFirstAttacker' -defender_agent_class: 'KeyboardAgent' - rewards: ap01:read: 2 ap01:fullAccess: 4 @@ -104,3 +101,14 @@ actionable_steps: by_asset_type: Application: - notPresent + +agents: + 'Attacker1': + type: attacker + entry_points: + - 'flightlogs:fullAccess' + agent_class: BreadthFirstAttacker + + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/tyrLang/scenario-two-hosts-network/scenario.yml b/scenarios/tyrLang/scenario-two-hosts-network/scenario.yml index 3871592..7a29794 100644 --- a/scenarios/tyrLang/scenario-two-hosts-network/scenario.yml +++ b/scenarios/tyrLang/scenario-two-hosts-network/scenario.yml 
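Review bot: The `agents:` block added to `scenarios/tyrLang/demo2/demo2_scenario_with_observability.yml` sets `agent_class: BreadthFirstAttacker`, but the line this patch removes from the same file was `attacker_agent_class: 'DepthFirstAttacker'`. The same swap occurs in `scenarios/tyrLang/scenario-two-hosts-network/scenario.yml` and `scenario_converged.yml`. The commit subject describes a format migration only, so the change of attacker agent looks unintended. If it is unintended, keep `agent_class: DepthFirstAttacker`. Otherwise state the change in the commit message, because results from these scenarios are not comparable before and after it.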
@@ -1,22 +1,8 @@ -# Ideal strategy: -# Do nothing until attacker reaches Application:0, then shut it down. - -# Passive defender leads to reward: -8055 - -# DFS defender leads to reward -32059 - -# BFS defender leads to reward -31072 - -# Defender running Application:0:notPresent -# when attacker reached Application:0:useVulnerability -# leads to reward: -43 +# Converged in gnn training lang_file: ../../../langs/org.mal-lang.tyrLang-0.0.1.mar model_file: model.yml -attacker_agent_class: 'DepthFirstAttacker' -defender_agent_class: 'KeyboardAgent' - rewards: Application:0:notPresent: 1 Application:0:fullAccess: 1000 @@ -27,9 +13,25 @@ observable_steps: by_asset_type: Application: - fullAccess - - notPresent + ConnectionRule: + - accessNetworks + SoftwareVulnerability: + - modify + Network: + - access actionable_steps: by_asset_type: Application: - notPresent + +agents: + 'Attacker1': + entry_points: + - 'Application:5:fullAccess' + agent_class: BreadthFirstAttacker + type: attacker + + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file diff --git a/scenarios/tyrLang/scenario-two-hosts-network/scenario_converged.yml b/scenarios/tyrLang/scenario-two-hosts-network/scenario_converged.yml index 3363363..159ed82 100644 --- a/scenarios/tyrLang/scenario-two-hosts-network/scenario_converged.yml +++ b/scenarios/tyrLang/scenario-two-hosts-network/scenario_converged.yml @@ -3,9 +3,6 @@ lang_file: ../../../langs/org.mal-lang.tyrLang-0.0.1.mar model_file: model.yml -attacker_agent_class: 'DepthFirstAttacker' -defender_agent_class: 'KeyboardAgent' - rewards: Application:0:notPresent: 1 Application:0:fullAccess: 1000 @@ -41,3 +38,14 @@ actionable_steps: by_asset_type: Application: - notPresent + +agents: + 'Attacker1': + type: attacker + entry_points: + - 'Application:5:fullAccess' + agent_class: BreadthFirstAttacker + + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file 
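Review bot: Beyond the format change, the hunks for `scenarios/tyrLang/scenario-two-hosts-network/scenario.yml` drop `notPresent` from the `Application` entry under `observable_steps` while `actionable_steps` still lists it, so the defender apparently can no longer observe the one step it is allowed to act on; confirm that this is intended. The same hunks delete the header comments that recorded the ideal strategy and the reward baselines (-8055 passive, -32059 DFS, -31072 BFS, -43 for the targeted shutdown) and replace them with `# Converged in gnn training`, which gives no reference values. Either keep the baseline figures or add a comment saying they no longer apply to the new observation set, e.g. `# Baselines from the previous observation set are not valid for this configuration`.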
From 057496e80876096767f9b004444d2001cf757df2 Mon Sep 17 00:00:00 2001 From: Joakim Loxdal Date: Wed, 22 Jan 2025 13:54:49 +0100 Subject: [PATCH 2/2] Add two new scenarios --- .../demo2_traininglang/demo2_model.yml | 358 ++++++++++++++++++ .../demo2_traininglang/demo2_scenario.yml | 69 ++++ .../scenario_learns_something.yml | 37 ++ 3 files changed, 464 insertions(+) create mode 100644 scenarios/trainingLang/demo2_traininglang/demo2_model.yml create mode 100644 scenarios/trainingLang/demo2_traininglang/demo2_scenario.yml create mode 100644 scenarios/tyrLang/scenario-two-hosts-network/scenario_learns_something.yml diff --git a/scenarios/trainingLang/demo2_traininglang/demo2_model.yml b/scenarios/trainingLang/demo2_traininglang/demo2_model.yml new file mode 100644 index 0000000..c4aa922 --- /dev/null +++ b/scenarios/trainingLang/demo2_traininglang/demo2_model.yml 
@@ -0,0 +1,358 @@ +assets: + 0: + name: ap01 + type: Host + 1: + name: ap02 + type: Host + 2: + name: ap03 + type: Host + 3: + name: ap04 + type: Host + 4: + name: ap05 + type: Host + 5: + name: ap06 + type: Host + 6: + name: ap07 + type: Host + 7: + name: ap08 + type: Host + 8: + name: ap09 + type: Host + 9: + name: ap10 + type: Host + 10: + name: ap11 + type: Host + 11: + name: ap12 + type: Host + 12: + name: ap13 + type: Host + 13: + name: ap14 + type: Host + 14: + name: ap15 + type: Host + 15: + name: ap16 + type: Host + 16: + name: ca + type: Host + 17: + name: db + type: Host + 18: + name: dc + type: Host + 19: + name: files + type: Host + 20: + name: flightlogs + type: Host + 21: + name: fw1 + type: Host + 22: + name: mail + type: Host + 23: + name: mailrelay + type: Host + 24: + name: payroll + type: Host + 25: + name: snort-dmz + type: Host + 26: + name: snort-ext + type: Host + 27: + name: snort-hqclient + type: Host + 28: + name: snort-srv + type: Host + 29: + name: timereporter + type: Host + 30: + name: weborder + type: Host + 31: + name: 134.24.3.0/24 + type: Network + 32: + name: 134.24.4.0/24 + type: Network + 33: + name: 52.33.204.0/24 + type: Network + 34: + name: 134.24.2.0/24 + type: Network + 35: + name: 134.24.17.0/24 + type: Network +associations: +- HostsInNetworks: + hosts: + - 0 + networks: + - 31 +- HostsInNetworks: + hosts: + - 1 + networks: + - 31 +- HostsInNetworks: + hosts: + - 2 + networks: + - 31 +- HostsInNetworks: + hosts: + - 3 + networks: + - 31 +- HostsInNetworks: + hosts: + - 4 + networks: + - 31 +- HostsInNetworks: + hosts: + - 5 + networks: + - 31 +- HostsInNetworks: + hosts: + - 6 + networks: + - 31 +- HostsInNetworks: + hosts: + - 7 + networks: + - 31 +- HostsInNetworks: + hosts: + - 8 + networks: + - 31 +- HostsInNetworks: + hosts: + - 9 + networks: + - 31 +- HostsInNetworks: + hosts: + - 10 + networks: + - 31 +- HostsInNetworks: + hosts: + - 11 + networks: + - 31 +- HostsInNetworks: + hosts: + - 12 + networks: + - 31 +- 
HostsInNetworks: + hosts: + - 13 + networks: + - 31 +- HostsInNetworks: + hosts: + - 14 + networks: + - 31 +- HostsInNetworks: + hosts: + - 15 + networks: + - 31 +- HostsInNetworks: + hosts: + - 16 + networks: + - 32 +- HostsInNetworks: + hosts: + - 17 + networks: + - 32 +- HostsInNetworks: + hosts: + - 18 + networks: + - 32 +- HostsInNetworks: + hosts: + - 19 + networks: + - 32 +- HostsInNetworks: + hosts: + - 20 + networks: + - 32 +- HostsInNetworks: + hosts: + - 21 + networks: + - 33 +- HostsInNetworks: + hosts: + - 21 + networks: + - 34 +- HostsInNetworks: + hosts: + - 21 + networks: + - 31 +- HostsInNetworks: + hosts: + - 21 + networks: + - 32 +- HostsInNetworks: + hosts: + - 21 + networks: + - 35 +- HostsInNetworks: + hosts: + - 22 + networks: + - 32 +- HostsInNetworks: + hosts: + - 23 + networks: + - 34 +- HostsInNetworks: + hosts: + - 24 + networks: + - 34 +- HostsInNetworks: + hosts: + - 25 + networks: + - 35 +- HostsInNetworks: + hosts: + - 26 + networks: + - 35 +- HostsInNetworks: + hosts: + - 27 + networks: + - 35 +- HostsInNetworks: + hosts: + - 28 + networks: + - 35 +- HostsInNetworks: + hosts: + - 29 + networks: + - 34 +- HostsInNetworks: + hosts: + - 30 + networks: + - 34 + +- InterNetworkConnectivity: + fromNetworks: + - 31 + - 34 + toNetworks: + - 31 + - 34 + +- InterNetworkConnectivity: + fromNetworks: + - 31 + toNetworks: + - 32 +- InterNetworkConnectivity: + fromNetworks: + - 32 + toNetworks: + - 31 + +- InterNetworkConnectivity: + fromNetworks: + - 34 + toNetworks: + - 32 +- InterNetworkConnectivity: + fromNetworks: + - 32 + toNetworks: + - 34 + +- InterNetworkConnectivity: + fromNetworks: + - 34 + toNetworks: + - 35 + +- InterNetworkConnectivity: + fromNetworks: + - 35 + toNetworks: + - 34 + +- InterNetworkConnectivity: + fromNetworks: + - 31 + toNetworks: + - 35 +- InterNetworkConnectivity: + fromNetworks: + - 35 + toNetworks: + - 31 + +- InterNetworkConnectivity: + fromNetworks: + - 32 + toNetworks: + - 35 +- InterNetworkConnectivity: + 
fromNetworks: + - 35 + toNetworks: + - 32 + +attackers: {} +metadata: + MAL-Toolbox Version: 0.1.10 + info: Created by the mal-toolbox model python module. + langID: org.mal-lang.trainingLang + langVersion: 1.0.0 + malVersion: 0.1.0-SNAPSHOT + name: Test Model diff --git a/scenarios/trainingLang/demo2_traininglang/demo2_scenario.yml b/scenarios/trainingLang/demo2_traininglang/demo2_scenario.yml new file mode 100644 index 0000000..e6fad08 --- /dev/null +++ b/scenarios/trainingLang/demo2_traininglang/demo2_scenario.yml @@ -0,0 +1,69 @@ +lang_file: ../../../langs/org.mal-lang.trainingLang-1.0.0.mar +model_file: demo2_model.yml + +rewards: + ap01:access: 1000 + ap01:notPresent: 3 + ap02:access: 1000 + ap02:notPresent: 3 + ap03:access: 1000 + ap03:notPresent: 3 + ap04:access: 1000 + ap04:notPresent: 3 + ap05:access: 1000 + ap05:notPresent: 3 + ap06:access: 1000 + ap06:notPresent: 3 + ap07:access: 1000 + ap07:notPresent: 3 + ap08:access: 1000 + ap08:notPresent: 3 + ap09:access: 1000 + ap09:notPresent: 3 + ap10:access: 1000 + ap10:notPresent: 3 + ap11:access: 1000 + ap11:notPresent: 3 + ap12:access: 1000 + ap12:notPresent: 3 + ap13:access: 1000 + ap13:notPresent: 3 + ap14:access: 1000 + ap14:notPresent: 3 + ap15:access: 1000 + ap15:notPresent: 3 + ap16:access: 1000 + ap16:notPresent: 3 + ca:access: 1000 + ca:notPresent: 4 + dc:access: 1000 + dc:notPresent: 3 + files:access: 1000 + files:notPresent: 3 + flightlogs:access: 1000 + flightlogs:notPresent: 5 + timereporter:access: 1000 + timereporter:notPresent: 5 + weborder:access: 1000 + weborder:notPresent: 2 + +observable_steps: + by_asset_type: + Host: + - access + - notPresent +actionable_steps: + by_asset_type: + Host: + - notPresent + +agents: + 'Attacker1': + type: attacker + entry_points: + - 'flightlogs:access' + agent_class: BreadthFirstAttacker + + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file 
diff --git a/scenarios/tyrLang/scenario-two-hosts-network/scenario_learns_something.yml b/scenarios/tyrLang/scenario-two-hosts-network/scenario_learns_something.yml new file mode 100644 index 0000000..7a29794 --- /dev/null +++ b/scenarios/tyrLang/scenario-two-hosts-network/scenario_learns_something.yml @@ -0,0 +1,37 @@ +# Converged in gnn training + +lang_file: ../../../langs/org.mal-lang.tyrLang-0.0.1.mar +model_file: model.yml + +rewards: + Application:0:notPresent: 1 + Application:0:fullAccess: 1000 + Application:5:notPresent: 1000 + Application:5:fullAccess: 1 + +observable_steps: + by_asset_type: + Application: + - fullAccess + ConnectionRule: + - accessNetworks + SoftwareVulnerability: + - modify + Network: + - access + +actionable_steps: + by_asset_type: + Application: + - notPresent + +agents: + 'Attacker1': + entry_points: + - 'Application:5:fullAccess' + agent_class: BreadthFirstAttacker + type: attacker + + 'Defender1': + type: 'defender' + agent_class: 'KeyboardAgent' \ No newline at end of file
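Review bot: The new `scenario_learns_something.yml` has the same blob id (`7a29794`) that `scenario.yml` in the same directory receives in PATCH 1/2, so the two files are byte-identical. Its header comment `# Converged in gnn training` is also confusing next to the existing `scenario_converged.yml`. If both copies are wanted, replace the header with a comment that says what distinguishes this file, e.g. `# Copy of scenario.yml (identical at time of commit) - TODO: state why both are kept`. Otherwise drop the duplicate so the two cannot drift apart unnoticed.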