Skip to main content

Microsoft took a lesson from video games to secure PCs with AI

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft released CyberBattleSim on GitHub.
  • The simulation is used to study how cyber attacks work their way through a network.
  • CyberBattlesim's goal is to help AI improve in defending against attacks.

Microsoft released an open-source cyberattack simulator called CyberBattleSim on GitHub earlier today. Researchers and security experts can use the simulator to study how cyber attacks work their way through a network. Microsoft's blog post (opens in new tab) on the simulator is a technical read aimed mainly at security researchers and experts.

The blog post has quite a bit of jargon that you'll have to parse through, but Microsoft uses a helpful video game analogy to explain the setup.

The player of the game is the agent, the commands it takes are the actions, and the ultimate reward is winning the game. The best reinforcement learning algorithms can learn effective strategies through repeated experience by gradually learning what actions to take in each state of the environment. The more the agents play the game, the smarter they get at it.

In other words, people can create a model of computer nodes and then have a simulated attacker exploit vulnerabilities and work its way through the network. This model can then be used to develop defender agents. This setup uses reinforcement learning to train autonomous agents that can perform better than humans at games.

Source: Microsoft (Image credit: Source: Microsoft)

This approach to security provides valuable insight, but Microsoft didn't use it for modeling actual network traffic. Instead, the strategy focuses on understanding how agents work through a network. Microsoft explains towards the end of its blog post:

The simulation in CyberBattleSim is simplistic, which has advantages: Its highly abstract nature prohibits direct application to real-world systems, thus providing a safeguard against potential nefarious use of automated agents trained with it. It also allows us to focus on specific aspects of security we aim to study and quickly experiment with recent machine learning and AI algorithms.

Using this setup, Microsoft hopes that people can study how AI can defend against attacks.

This is all quite technical and doesn't affect how you secure your PC on a daily basis. If you're looking to improve your PC security, here are tips for managing Windows Security on Windows 10.

Sean Endicott is the news writer for Windows Central. If it runs Windows, is made by Microsoft, or has anything to do with either, he's on it. Sean's been with Windows Central since 2017 and is also our resident app expert. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.

1 Comment
  • This sounds pretty cool. I will have to fire it up. We already use Defender ATP so this could help