Autonomous Cyber Red Teaming System (ACRES)

Tags: Artificial Intelligence, Cyber Ranges, Offensive Security

Code: DAP/23-02

Active

Funding: Defence Funded Research

Start: January 2024

End: December 2027

Duration: 49 months

This project aims to develop in-house a fully autonomous cyber red teaming system, able to deploy an attack by sensing its way into a target network. The primary aim is to deploy the system in the context of cyber defence training on a cyber range, but its capability could also be used to test and validate cyber attack detection systems and processes.

In the context of the increasing complexity of interconnected information systems, the ability to efficiently detect and react to cyber attacks is essential. To this end, operators must develop a specific set of skills, which should be trained through hands-on exercises in a realistic, controlled environment. Typically, staff learn to monitor network activity and counter simulated attacks on a cyber range. At present, however, such exercises require highly skilled personnel to design and carry out the attacks, which does not scale well.

The proposed autonomous cyber red teaming system will take over these tasks: it will simply be launched on the cyber range within an existing network scenario and, step by step, take the actions an attacker would. This system will hence considerably lighten the workload of our cyber experts in supporting cyber training, and the organisation of cyber defence exercises within the Defence will scale much better. Moreover, the same system can be used to assess the capabilities of cyber attack detection systems (MASFAD, ...).

The ultimate goal of this autonomous, self-learning cyber red teaming agent is to mimic an attack a real person would deploy. With no a priori knowledge of the network topology and configuration, the agent will be able to acquire information about the machines in the network and attempt to attack them on its own. To this end, existing tools will be leveraged, and the agent will be responsible for taking appropriate decisions on how best to use the capabilities offered by those tools.

A light NAT router and DHCP server with Alpine Linux

Tags: Cyber Range, Sysadmin, Cyrange

Alpine Linux is a very light Linux distribution that can run in less than 100 MB of hard disk space. Here is how to configure Alpine Linux to run as a NAT router and DHCP server.

Orchestration script to simulate user activity on multiple machines thanks to the GHOSTS framework

Tags: Offensive Security, Cyber Range

The GHOSTS Framework is an open-source project created by Dustin Updyke, a cybersecurity researcher from Carnegie Mellon University. It is a framework that offers a way to simulate user activity, usually for cyber awareness training or research in the field of cyber defence.

Cyrange: firewall configuration

Tags: Cyrange, Cyber Range

The cyrange Cyber Range is composed of multiple Docker containers. After installation, here is how to configure your firewall to allow communication between the different components...

Create your own VM image for the Cyber Range

Tags: Cyrange, Cyber Range

cyrange is a Cyber Range platform built on top of VirtualBox. It brings some additional features to support education and training:
