Issues with random graph

[sherdencooper]

Hi, I am working on generating the random graph and I found some logical issues with the random graph generation design (maybe).

1. First, I think the add_leak_neighbors_vulnerability function in generate_network.py should not return library directly. Since it is a global dictionary, using it to assign the vulnerability will make all nodes share the same vulnerability outcomes which is not reasonable. It can be fixed by return return copy.deepcopy(library)
2. Here the nodes except the entry node are iteratively assigned with vulnerabilities and services. However, some nodes may be assigned empty services before their corresponding access passwords are generated in the assigned_passwords. I fix this issue simply by repeating the loop.

I am not familiar with network attacks, so would it be convenient for you to check whether the editions are right? Thx a lot.

[blumu]

@sherendcooper Thanks for reporting. Could you share a diff or a PR so we can review the change you are proposing?

[blumu]

@sherdencooper Libraries of vulnerabilities are not necessarily global. The function add_leak_neighbors_vulnerability takes an optional library parameter, if not specified a new library gets created. This way each node can also have its own specific 'library' of vulnerabilities. For instance, in create_node_data, the function add_leak_neighbors_vulnerability gets called via create_vulnerabilities_from_traffic_data to create the set of vulnerabilities assigned to a particular node.
I don't think deep copy is needed here, since a new library gets created each time add_leak_neighbors_vulnerability is called (with library parameter set to None)

[blumu]

For 2. That's indeed a bug. The fix is to generate the nodes and services first with vulnerabilities set to empty. Then loop again over the nodes to generate and assign vulnerabilities for each node.

[sherdencooper]

I am not sure whether the problem1 is raised by the difference in the python version, but in my running without deepcopy, the generated graph does not have the vulnerabilities outcomes as expected. By debugging, I found that the code does not generate new library as it was expected to. All nodes are assigned with the same library address. I made a toy example to explain the issue I found. Could you try to run this toy example in python 3.8.0?

from typing import NamedTuple,Dict
import copy

VulnerabilityID = str
class VulnerabilityInfo(NamedTuple):
    """Definition of a known vulnerability"""
    cost: float = 1.0

VulnerabilityLibrary = Dict[VulnerabilityID, VulnerabilityInfo]


def toy_assign_1():
    def add_leak_neighbors_vulnerability(
            node_id: int,
            library: VulnerabilityLibrary = {}) -> VulnerabilityLibrary:
        library['ScanWindowsCredentialManagerForRDP'] = VulnerabilityInfo(cost=node_id)
        return library
    nodes = [0,1,2,3,4]
    nodes_cost = [0,0,0,0,0]
    for count, node in enumerate(nodes):
        nodes_cost[count] = add_leak_neighbors_vulnerability(count)
    print(nodes_cost)

def toy_assign_2():
    def add_leak_neighbors_vulnerability(
            node_id: int,
            library: VulnerabilityLibrary = {}) -> VulnerabilityLibrary:
        library['ScanWindowsCredentialManagerForRDP'] = VulnerabilityInfo(cost=node_id)
        return copy.deepcopy(library)
    nodes = [0,1,2,3,4]
    nodes_cost = [0,0,0,0,0]
    for count, node in enumerate(nodes):
        nodes_cost[count] = add_leak_neighbors_vulnerability(count)
    print(nodes_cost)


if __name__ == "__main__":
    toy_assign_1()
    toy_assign_2()

[blumu]

@sherdencooper I see! There is indeed a bug then, it seems that the empty library {} defined as the default value for the optional parameter is shared across all calls to the function! So a possible fix is set the default to None instead (library=None) and add the code:

if library is None:
  library = {}

[blumu]

@sherdencooper Reopening this bug. I think you might have closed it by accident. I've create a PR to fix the first part of the bug.