Continuous CyberBattleSim: A More Realistic Simulation for AI-driven Attack Path Discovery
Continuous CyberBattleSim (C-CyberBattleSim) is an extension of Microsoft’s CyberBattleSim simulator, a tool for training and evaluating reinforcement learning (RL) agents on cyber-attack path prediction formulated as a vulnerability chaining problem. The original simulator enables the generation of synthetic network scenarios and provides a sequential decision-making environment in which agents interact by selecting and exploiting vulnerabilities, receiving rewards and penalties that drive the learning of effective threat modeling strategies. C-CyberBattleSim enhances this framework along three key directions: (1) it extends the scenario generation pipeline by incorporating Cyber Threat Intelligence derived from empirical vulnerability distributions collected via Shodan, enabling the creation of synthetic network environments that more closely resemble real-world infrastructures; (2) it automates the approximation of real-world vulnerability outcomes by inferring effects directly from metadata, reducing reliance on manually defined transitions; (3) it integrates an embedding model that combines graph neural networks and language models to represent network nodes and vulnerabilities in continuous vector spaces, supporting more scalable and generalizable learning for RL agents.