AutoPentest-DRL
mulval topology template
Hello, I just want to ask: if I change the configuration of the topology generator, do I also have to change the content of the topo_gen_template.P file, or is it a generic template?
Thanks.
Hello, can you guide me on the above point? Thanks.
Hi, Sorry for the delay, we had several days of holiday this week here in Japan. As for your question, the file 'topo_gen_template.P' is indeed a sample template that includes by default the network topology 1 shown in the second figure in our User Guide (https://github.com/crond-jaist/AutoPentest-DRL/blob/master/user_guide.md), and it is not a generic template. Please see the section "Logical attack on generated topology" of the User Guide; basically, if you change the topology in 'Topology_generator/topo-gen-config' then you also need to update 'MulVAL_P/topo_gen_template.P' accordingly. I hope this helps. Best wishes, Razvan
Hi, Thank you for the response. Can you guide me on where I can learn how to change the template 'topo_gen_template.P'? Do you know of any tutorial? I tried searching and also checked the MulVAL documentation, but I didn't find anything useful. One more thing: in the case of a real network attack, how can we generate that template, given that we will get the information about the devices connected to the network in real time using nmap? Thanks.
Hi again, Regarding the format of the P files used by MulVAL, it is supposed to be based on Datalog, but to be honest we didn't find a lot of resources either, and we just built our files based on samples we could find on the Internet. Below are a few links that may be useful for you, and I suggest contacting the MulVAL authors if you need more help: https://people.cs.ksu.edu/~xou/argus/software/mulval/readme.html https://github.com/fiware-cybercaptor/mulval/blob/master/doc/manual.md As for the real network attack mode, our current AutoPentest-DRL version assumes the network topology is known, and only uses 'nmap' to get the information about the devices, such as their open ports and vulnerabilities. It should be possible to extend the software to also detect the network topology and generate an appropriate template, but we didn't get that far yet. Best wishes, Razvan
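An added illustration of keeping the MulVAL facts consistent with a topology description (not code from AutoPentest-DRL or MulVAL): this Python script renders input facts using the predicates found in MulVAL's published sample input and rejects a topology whose reachability rules name an undefined host. The dictionary layout, host names, placeholder CVE ids and the fixed `vulProperty` values are assumptions made for the example; it is not the format of 'Topology_generator/topo-gen-config'.

```python
import re

# Constructed sample topology. This dict layout is hypothetical; it is NOT the
# format of Topology_generator/topo-gen-config. CVE ids are placeholders.
TOPOLOGY = {
    "attacker": "internet",
    "goal_host": "file_server",
    "hosts": {  # host -> [(program, protocol, port, user, vuln_id or None)]
        "web_server": [("httpd", "tcp", 80, "apache", "CVE-XXXX-0001")],
        "file_server": [("smbd", "tcp", 445, "root", "CVE-XXXX-0002")],
    },
    # (source, destination, protocol, port) pairs allowed by the network
    "reachability": [("internet", "web_server", "tcp", 80),
                     ("web_server", "file_server", "tcp", 445)],
}

def atom(value):
    """Render a value as a Datalog/Prolog term, quoting when required."""
    if isinstance(value, int):
        return str(value)
    if re.fullmatch(r"[a-z][A-Za-z0-9_]*", value):
        return value
    return "'" + value.replace("'", "''") + "'"

def render_facts(topo):
    """Return MulVAL input facts; fail if the topology is inconsistent."""
    hosts = topo["hosts"]
    known = set(hosts) | {topo["attacker"]}
    if topo["goal_host"] not in hosts:
        raise ValueError(f"goal host not defined: {topo['goal_host']}")
    lines = [f"attackerLocated({atom(topo['attacker'])}).",
             f"attackGoal(execCode({atom(topo['goal_host'])},_))."]
    for src, dst, proto, port in topo["reachability"]:
        if src not in known or dst not in known:
            raise ValueError(f"hacl references unknown host: {src} -> {dst}")
        lines.append(f"hacl({atom(src)},{atom(dst)},{atom(proto)},{port}).")
    for host, services in hosts.items():
        for prog, proto, port, user, vuln in services:
            h, p = atom(host), atom(prog)
            lines.append(f"networkServiceInfo({h},{p},{atom(proto)},{port},{atom(user)}).")
            if vuln:
                lines.append(f"vulExists({h},{atom(vuln)},{p}).")
                # Assumption: every listed vulnerability is remotely exploitable.
                lines.append(f"vulProperty({atom(vuln)},remoteExploit,privEscalation).")
    return "\n".join(dict.fromkeys(lines)) + "\n"  # drop duplicate facts

if __name__ == "__main__":
    print(render_facts(TOPOLOGY), end="")
```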
Thank you for your help, really appreciated. One last thing regarding the attack matrix that you are creating for the RL agent: as you assigned the rewards as (0.01, -1, 100) for different phases, I just want to ask whether this is some kind of fixed reward system, or whether it is up to us how we want to reward our RL agent, by changing the above values and training the model accordingly. Thanks.
Hi, Regarding your new question about the attack matrix, the reward values that we used are just empirical values that seemed reasonable to us. Feel free however to change them in any way you see fit, as we have not done much testing to see if the values that we chose are the best or not. Best wishes, Razvan
Hi, Really appreciated, thank you for your help.