DOI: 10.1145/3424954.3424959
research-article
Open Access

AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research

Published: 12 January 2021

ABSTRACT

With the evolution of threats and attacks and the speed of automation, new modern training and learning environments are needed to support the challenges of digital organizations and societies. In recent years, cyber ranges, i.e., virtual environments that support the simulation of diverse infrastructures, have emerged and are often utilized for cyber security exercises or training. With these environments, organizations or individuals can increase their preparedness and dexterity, for example, by training to identify and mitigate incidents and attacks. In this paper, we present the AIT Cyber Range, which was designed based on several principles such as scalability, flexibility and the utilization of Open Source technologies. This paper outlines the building blocks of the architecture and implementation: computing platform, infrastructure provisioning, software provisioning and scenario engine. Furthermore, the implementation is demonstrated by three use cases: cyber exercises, training, and security research and development. For future work, we aim to further extend the building blocks and to address federation and interoperability with other cyber ranges.

Published in

EICC '20: Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference
November 2020
72 pages
ISBN: 9781450375993
DOI: 10.1145/3424954

Copyright © 2020 Owner/Author

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike International 4.0 License.

Publisher

Association for Computing Machinery
New York, NY, United States

Qualifiers

• research-article
• Research
• Refereed limited
