Autonomous Cyber Red Teaming System

This project aims to develop in-house a fully autonomous cyber red teaming system, able to deploy an attack by sensing its way into a target network. The primary aim is to deploy the system in the context of cyber defence trainings on a cyber-range, but its capability could also be used to test and validate cyber attack detection systems and processes.

In the context of the increasing complexity of interconnected Information Systems, the ability to efficiently detect and react to cyber attacks is essential. To this end, operators must develop a specific set of skills, that should be trained by hands-on exercises in a realistic controlled environment. Typically, the staff learns to monitor networks activity and counter simulated attacks on a cyber-range. However, at present, the execution of such exercise requires highly skilled personnel to design and carry out said attacks, which does not scale well.

The proposed autonomous cyber red teaming system will take over these tasks, it will simply be launched on the cyber-range within an existing network scenario and step by step take the actions an attacker would. This system will hence considerably lighten the work load of our cyber experts in supporting cyber trainings. The organisation of cyber defence exercises within the Defense will scale much better. Moreover, the same system can be used to assess the capabilities of cyber attack detection systems (MASFAD, ...).

The ultimate goal of this autonomous self-learning cyber red teaming agent is to mimic an attack a real person would deploy. The agent will be able, with no a priori knowledge of the network topology and configuration, to acquire information about the machines in the network and try to attack them on its own. To this end, existing tools will be leveraged and the agent will actually be responsible to take appropriate decisions on the best way to use the capabilities offered by said tools.