TITLE:
Enhancing Microsoft CyberBattleSim for Enterprise Cybersecurity Simulations
AUTHORS:
Jackson Norris, Vijay K. Madisetti
KEYWORDS:
CyberBattleSim, Network Segmentation, Reinforcement Learning, Lateral Movement, Intrusion Detection
JOURNAL NAME:
Journal of Information Security,
Vol.16 No.2,
April
8,
2025
ABSTRACT: Microsoft’s CyberBattleSim environment effectively leverages Reinforcement Learning to simulate network intrusions and lateral movement, but its current implementation has limitations. In this paper, we extend the CyberBattleSim framework to support VLAN-based (Virtual Local Area Network) network segmentation. This modification enables researchers to design more realistic corporate network topologies, simulating both local and remote traffic management between isolated network segments. We present a novel methodology for integrating Access-Control Lists (ACLs) to enforce segmentation rules and demonstrate its application in a reinforcement learning (RL) setup. After implementing these enhancements, we benchmark the performance of several RL agents in the modified environment. The results show that network segmentation is effective at slowing an attacker attempting to move laterally through a simulated environment. Our work not only enhances the CyberBattleSim framework but creates opportunities for more robust research in attack-path prediction, lateral movement, and intrusion detection.