Author(s)

Jackson Norris, Vijay K. Madisetti

School of Cybersecurity and Privacy, College of Computing, Georgia Institute of Technology, Atlanta, GA, USA.

Microsoft’s CyberBattleSim environment effectively leverages Reinforcement Learning to simulate network intrusions and lateral movement, but its current implementation has limitations. In this paper, we extend the CyberBattleSim framework to support VLAN-based (Virtual Local Area Network) network segmentation. This modification enables researchers to design more realistic corporate network topologies, simulating both local and remote traffic management between isolated network segments. We present a novel methodology for integrating Access-Control Lists (ACLs) to enforce segmentation rules and demonstrate its application in a reinforcement learning (RL) setup. After implementing these enhancements, we benchmark the performance of several RL agents in the modified environment. The results show that network segmentation is effective at slowing an attacker attempting to move laterally through a simulated environment. Our work not only enhances the CyberBattleSim framework but creates opportunities for more robust research in attack-path prediction, lateral movement, and intrusion detection.

CyberBattleSim, Network Segmentation, Reinforcement Learning, Lateral Movement, Intrusion Detection

Norris, J. and Madisetti, V. K. (2025) Enhancing Microsoft CyberBattleSim for Enterprise Cybersecurity Simulations. Journal of Information Security, 16, 270-282. doi: 10.4236/jis.2025.162014.