Abstract
With the passage of time, many cyber security training programs are being developed. These programs teach skills ranging from ethical hacking to different cyber defence operations. Teaching or training such skills is a complex undertaking and requires complex platforms and tools, like cyber ranges. This is especially true for training and teaching defenders. For example, teaching realistic cyber defence requires building a vulnerable infrastructure instrumented and monitored with complex and sophisticated software. Due to ever-increasing cyber attacks, teaching such cyber defence operations is in high demand. Most of the current research activities within cyber ranges and cyber security training focus on (1) the generation of a general-purpose vulnerable infrastructure and (2) the automatic assessment of skill and the generation of appropriate feedback in cyber security exercises. While providing training platforms for general-purpose blue-team training is important, it is not enough. There is a need to adapt the training platforms to the evolving skills and competencies required to address the new challenges posed by the evolving cyber threat landscape. On the other hand, there is no specific focus in the current research on SoC (Security Operations Center) training. To tackle the aforementioned challenges, we developed an open source training platform focusing on SoC training, which is adaptable to cope with new and evolving skill and knowledge requirements. We used our platform in a case study in a university setting.
M. Yamin—Research idea, system design, writing the original paper draft.
A. Shukla—Paper review and editing.
M. Ullah—Paper review and editing.
B. Katt—Research work supervision, paper review and editing.
Notes
- 2. https://secureframe.com/hub/soc-2/common-criteria.
References
Blue team training toolkit. https://www.encripto.no. Accessed 21 Apr 2022
Caldera - a scalable, automated adversary emulation platform. https://caldera.mitre.org/. Accessed 21 Apr 2022
Project zero: The more you know, the more you know you don’t know. https://tinyurl.com/3a3pbe75. Accessed 21 Apr 2022
Splunk attack range. https://github.com/splunk/attack_range. Accessed 19 Apr 2022
Wazuh · the open source security platform. https://wazuh.com/. Accessed 21 Apr 2022
Brown, K., Doran, D.: Realistic traffic generation for web robots. In: 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 178–185. IEEE (2017)
Costa, A.D., Kuusijärvi, J.: Programmatic description language for cyber range topology creation. In: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 403–412. IEEE (2022)
DeCusatis, C., Bavaro, J., Cannistraci, T., Griffin, B., Jenkins, J., Ronan, M.: Red-blue team exercises for cybersecurity training during a pandemic. In: 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), pp. 1055–1060. IEEE (2021)
Edgar, T., Manz, D.: Research Methods for Cyber Security. Syngress (2017)
Ernits, M., Tammekänd, J., Maennel, O.: i-tee: a fully automated cyber defense competition for students. ACM SIGCOMM Comput. Commun. Rev. 45(4), 113–114 (2015)
Gustafsson, T., Almroth, J.: Cyber range automation overview with a case study of CRATE. In: Asplund, M., Nadjm-Tehrani, S. (eds.) NordSec 2020. LNCS, vol. 12556, pp. 192–209. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-70852-8_12
Hannay, J.E., Stolpe, A., Yamin, M.M.: Toward AI-based scenario management for cyber range training. In: Stephanidis, C., et al. (eds.) HCII 2021. LNCS, vol. 13095, pp. 423–436. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90963-5_32
Hutchins, E.M., Cloppert, M.J., Amin, R.M., et al.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warfare Secur. Res. 1(1), 80 (2011)
Jagat, R.R., Sisodia, D.S., Singh, P.: Semi-supervised self-training approach for web robots activity detection in weblog. In: Suma, V., Fernando, X., Du, K.-L., Wang, H. (eds.) Evolutionary Computing and Mobile Sustainable Networks. LNDECT, vol. 116, pp. 911–924. Springer, Singapore (2022). https://doi.org/10.1007/978-981-16-9605-3_64
Pattanayak, A., Steiner, S., de Leon, D.C.: Hands-on educational labs for cyber defense competition training. J. Colloq. Inf. Syst. Secur. Educ. 9, 8 (2022)
Russo, E., Costa, G., Armando, A.: Building next generation cyber ranges with crack. Comput. Secur. 95, 101837 (2020)
Sisodia, D.S., Borkar, R., Shrawgi, H.: Performance evaluation of large data clustering techniques on web robot session data. In: Tanveer, M., Pachori, R.B. (eds.) Machine Intelligence and Signal Analysis. AISC, vol. 748, pp. 545–553. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-0923-6_47
Švábenský, V., Vykopal, J., Čeleda, P., Tkáčik, K., Popovič, D.: Student assessment in cybersecurity training automated by pattern mining and clustering. Educ. Inf. Technol. 1–32 (2022)
Vielberth, M., Glas, M., Dietz, M., Karagiannis, S., Magkos, E., Pernul, G.: A digital twin-based cyber range for SOC analysts. In: Barker, K., Ghazinour, K. (eds.) DBSec 2021. LNCS, vol. 12840, pp. 293–311. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81242-3_17
Yamin, M.M., Katt, B.: Inefficiencies in cyber-security exercises life-cycle: a position paper. In: AAAI Fall Symposium: ALEC, pp. 41–43 (2018)
Yamin, M.M., Katt, B.: Cyber security skill set analysis for common curricula development. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–8 (2019)
Yamin, M.M., Katt, B.: Modeling and executing cyber security exercise scenarios in cyber ranges. Comput. Secur. 116, 102635 (2022)
Yamin, M.M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: scenarios, functions, tools and architecture. Comput. Secur. 88, 101636 (2020)
Yamin, M.M., Katt, B., Nowostawski, M.: Serious games as a tool to model attack and defense scenarios for cyber-security exercises. Comput. Secur. 110, 102450 (2021)
Acknowledgment
This work is part of the project ASCERT (AI-Based Scenario Management for Cyber Range Training) [12], in which we are developing an AI-based solution for modeling and analysing attack-defense scenarios in cyber ranges. We would like to acknowledge the valuable support of Md Mujahid Islam Peal, Espen Torseth and Lars Erik of the Norwegian Cyber Range engineering team. Additionally, we would like to thank the SoC teams of NTNU and Taltech for providing their valuable insights into SIEM solutions.
A Sample Exercise Questions
1. Can you identify which tactic is implemented on which machine between 11:20 and 11:35 on 3/9/2022?
2. Can you identify what happened between 11:40 and 12:00 on 3/9/2022?
3. Can you identify a malicious user on a system who was created on 3/14/2022?
4. Can you identify which privilege the malicious user attained on 3/14/2022?
5. Can you identify an abnormal action on server-612?
6. Can you identify a BITSAdmin download via CMD on a system?
7. Can you identify where the shortcut to cmd ‘t1547.009.lnk’ was created?
8. Can you identify what happened on 172.21.219.56?
9. Can you identify where the user butter was added?
10. Can you identify what happened on 172.16.245.79?
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Yamin, M.M., Shukla, A., Ullah, M., Katt, B. (2023). ADAPT- Automated Defence TrAining PlaTform in a Cyber Range. In: Garg, L., et al. Key Digital Trends Shaping the Future of Information and Management Science. ISMS 2022. Lecture Notes in Networks and Systems, vol 671. Springer, Cham. https://doi.org/10.1007/978-3-031-31153-6_17
DOI: https://doi.org/10.1007/978-3-031-31153-6_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-31152-9
Online ISBN: 978-3-031-31153-6
eBook Packages: Intelligent Technologies and Robotics (R0)