GreenAccessService
Bases: RemoteAction
A Green Agent action for communicating with a server.
Attributes:
Name | Type | Description |
---|---|---|
src_ip | IPv4Address | ip address of source host |
dest_ip | IPv4Address | ip address of destination host |
dest_port | int | port number of destination host to be contacted |
allowed_subnets | list[str] | list of subnets that can be reached according to the mission phase |
fp_detection_rate | float | the decimal probability that a false positive is created for blue (default=0.01) |
Functions
__init__
__init__(agent: str, session_id: int, src_ip: IPv4Address, allowed_subnets: List[str], fp_detection_rate: float)
Initialisation of green agent access service action.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
agent | str | the name of the agent performing the access service action (source agent) | required |
session_id | int | source agent session id (default=0) | required |
src_ip | IPv4Address | ip address of source host | required |
allowed_subnets | list[str] | list of subnets that can be reached according to the mission phase | required |
fp_detection_rate | float | the decimal probability that a false positive is created for blue (default=0.01) | required |
available_dest_service
Check if there is an active, reliable service to connect to; prioritising OT services.
execute
Have the green agent attempt to access a service from another server host, checking routability.
Deciding the destination host is done by random_reachable_ip(). If there are no reachable hosts, then there are no hosts that meet the green agent requirements that are available. This should not be possible without red actions having taken place, therefore the action will be unsuccessful.
Routing is calculated within the RemoteAction parent class, and a network path is returned by _get_my_used_route(). If no path is possible, None is returned. This results in the action being unsuccessful, as something in the network has been affected (by red or blue) to cause this.
If there is a route, each host on the path is checked against the following points:
- Check if the host is blocked
  - If so, add a network_connections event to the host and return an unsuccessful observation
- At the fp_detection_rate, add an erroneous network_connections event to the host
If an (unsuccessful) observation has not yet been returned, the action has been successful and a successful observation is returned.
Notes
function closely mimics SendData action execute()
Parameters:
Name | Type | Description | Default |
---|---|---|---|
state | State | state of simulation at current step | required |
Returns:
Name | Type | Description |
---|---|---|
obs | Observation | observation with true or false success |
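The per-host check described for execute(), as an added sketch that is not CybORG's own code: it shows how blocked hops and the fp_detection_rate together determine what blue sees from benign green traffic. The host names, the event labels, the `blocked` set and the order of the two checks within a hop are assumptions made for illustration.

```python
import random


def walk_route(route, blocked, fp_detection_rate=0.01, rng=None):
    """Model one access attempt; returns (success, events_by_host)."""
    rng = rng or random.Random()
    events = {}
    for host in route:
        if host in blocked:
            # Blocked hop: record the real attempt, the action fails here.
            events.setdefault(host, []).append("blocked_connection")
            return False, events
        if rng.random() < fp_detection_rate:
            # Benign traffic leaves an erroneous event that blue must triage.
            events.setdefault(host, []).append("false_positive")
    return True, events


def simulate(route, blocked, fp_detection_rate, steps, seed=0):
    """Repeat the attempt; returns (successes, false_positive_events)."""
    rng = random.Random(seed)
    successes = false_positives = 0
    for _ in range(steps):
        ok, events = walk_route(route, blocked, fp_detection_rate, rng)
        successes += ok
        false_positives += sum(e.count("false_positive") for e in events.values())
    return successes, false_positives


# Constructed sample route: source host, router, destination server.
ROUTE = ["user_host_0", "router_a", "server_host_1"]

if __name__ == "__main__":
    # Noise blue receives from 10,000 benign attempts at the default rate.
    print(simulate(ROUTE, set(), 0.01, 10_000))
    # A blocked router ends the attempt and logs the connection on that hop.
    print(walk_route(ROUTE, {"router_a"}, 0.01))
```

With a three-hop route and the default rate, roughly three in every hundred benign attempts leave a spurious event, which is the baseline noise a blue agent has to separate from red activity.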
random_reachable_ip
Finds an ip address that the green agent believes to be reachable.
The green agent has additional knowledge of the subnets that can be accessed for each mission. This should be applied to its access service choice, as it serves no purpose for someone to try to access a service they know they cannot. This knowledge is found in the agent's ActionSpace variable named allowed_subnets.
- If the agent knows that it's in an 'allowed_subnet' subnet, it can try to reach out to any other allowed_subnet (including its own).
- If the agent knows that its subnet has been intentionally cut off due to mission plans (i.e. not in the 'allowed_subnet' list), it will only try to reach out within its own subnet.
The green agent will only reach out to hosts that are not themselves (as this is covered under the GreenLocalWork Action), and hosts which are servers.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
state | State | state of simulation at current step | required |
Returns:
Type | Description |
---|---|
IPv4Address | ip address of target host |