ADAPT- Automated Defence TrAining PlaTform in a Cyber Range

Conference paper, in: Key Digital Trends Shaping the Future of Information and Management Science (ISMS 2022)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 671)

Abstract

Many cyber security training programs are being developed, teaching skills ranging from ethical hacking to the various cyber defence operations. Teaching or training such skills is a complex undertaking that requires complex platforms and tools, such as cyber ranges. This is especially true for training and teaching defenders: teaching realistic cyber defence, for example, requires building a vulnerable infrastructure that is instrumented and monitored with complex and sophisticated software. Because cyber attacks keep increasing, teaching such cyber defence operations is in high demand. Most current research within cyber ranges and cyber security training focuses on (1) the generation of a general purpose vulnerable infrastructure and (2) the automatic assessment of skill and the generation of appropriate feedback in cyber security exercises. While providing training platforms for general purpose blue-team training is important, it is not enough: the training platforms need to adapt to the evolving skills and competencies required to address the new challenges posed by the evolving cyber threat landscape. Moreover, current research has no specific focus on SoC (Security Operations Center) training. To tackle these challenges, we developed an open source training platform focused on SoC training and adaptable to new and evolving skill and knowledge requirements. We used the platform in a case study in a university setting.

M. Yamin—Research idea, system design, writing the original paper draft.

A. Shukla—Paper review and editing.

M. Ullah—Paper review and editing.

B. Katt—Research work supervision, paper review and editing.


Notes

  1. https://attack.mitre.org/.
  2. https://secureframe.com/hub/soc-2/common-criteria.
  3. https://www.enisa.europa.eu/topics/cybersecurity-education/european-cybersecurity-skills-framework/ecsf-profiles-v-0-5-draft-release.pdf.
  4. https://ecfusertool.itprofessionalism.org/.
  5. https://www.hsdl.org/?view&did=467739.
  6. https://secureframe.com/hub/soc-2/common-criteria.

References

  1. Blue team training toolkit. https://www.encripto.no. Accessed 21 Apr 2022
  2. Caldera - a scalable, automated adversary emulation platform. https://caldera.mitre.org/. Accessed 21 Apr 2022
  3. Project zero: The more you know, the more you know you don't know. https://tinyurl.com/3a3pbe75. Accessed 21 Apr 2022
  4. Splunk attack range. https://github.com/splunk/attack_range. Accessed 19 Apr 2022
  5. Wazuh · the open source security platform. https://wazuh.com/. Accessed 21 Apr 2022
  6. Brown, K., Doran, D.: Realistic traffic generation for web robots. In: 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 178–185. IEEE (2017)
  7. Costa, A.D., Kuusijärvi, J.: Programmatic description language for cyber range topology creation. In: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 403–412. IEEE (2022)
  8. DeCusatis, C., Bavaro, J., Cannistraci, T., Griffin, B., Jenkins, J., Ronan, M.: Red-blue team exercises for cybersecurity training during a pandemic. In: 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), pp. 1055–1060. IEEE (2021)
  9. Edgar, T., Manz, D.: Research Methods for Cyber Security. Syngress (2017)
  10. Ernits, M., Tammekänd, J., Maennel, O.: i-tee: a fully automated cyber defense competition for students. ACM SIGCOMM Comput. Commun. Rev. 45(4), 113–114 (2015)
  11. Gustafsson, T., Almroth, J.: Cyber range automation overview with a case study of CRATE. In: Asplund, M., Nadjm-Tehrani, S. (eds.) NordSec 2020. LNCS, vol. 12556, pp. 192–209. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-70852-8_12
  12. Hannay, J.E., Stolpe, A., Yamin, M.M.: Toward AI-based scenario management for cyber range training. In: Stephanidis, C., et al. (eds.) HCII 2021. LNCS, vol. 13095, pp. 423–436. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90963-5_32
  13. Hutchins, E.M., Cloppert, M.J., Amin, R.M., et al.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warfare Secur. Res. 1(1), 80 (2011)
  14. Jagat, R.R., Sisodia, D.S., Singh, P.: Semi-supervised self-training approach for web robots activity detection in weblog. In: Suma, V., Fernando, X., Du, K.-L., Wang, H. (eds.) Evolutionary Computing and Mobile Sustainable Networks. LNDECT, vol. 116, pp. 911–924. Springer, Singapore (2022). https://doi.org/10.1007/978-981-16-9605-3_64
  15. Pattanayak, A., Steiner, S., de Leon, D.C.: Hands-on educational labs for cyber defense competition training. J. Colloq. Inf. Syst. Secur. Educ. 9, 8 (2022)
  16. Russo, E., Costa, G., Armando, A.: Building next generation cyber ranges with crack. Comput. Secur. 95, 101837 (2020)
  17. Sisodia, D.S., Borkar, R., Shrawgi, H.: Performance evaluation of large data clustering techniques on web robot session data. In: Tanveer, M., Pachori, R.B. (eds.) Machine Intelligence and Signal Analysis. AISC, vol. 748, pp. 545–553. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-0923-6_47
  18. Švábenský, V., Vykopal, J., Čeleda, P., Tkáčik, K., Popovič, D.: Student assessment in cybersecurity training automated by pattern mining and clustering. Educ. Inf. Technol. 1–32 (2022)
  19. Vielberth, M., Glas, M., Dietz, M., Karagiannis, S., Magkos, E., Pernul, G.: A digital twin-based cyber range for SOC analysts. In: Barker, K., Ghazinour, K. (eds.) DBSec 2021. LNCS, vol. 12840, pp. 293–311. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81242-3_17
  20. Yamin, M.M., Katt, B.: Inefficiencies in cyber-security exercises life-cycle: a position paper. In: AAAI Fall Symposium: ALEC, pp. 41–43 (2018)
  21. Yamin, M.M., Katt, B.: Cyber security skill set analysis for common curricula development. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–8 (2019)
  22. Yamin, M.M., Katt, B.: Modeling and executing cyber security exercise scenarios in cyber ranges. Comput. Secur. 116, 102635 (2022)
  23. Yamin, M.M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: scenarios, functions, tools and architecture. Comput. Secur. 88, 101636 (2020)
  24. Yamin, M.M., Katt, B., Nowostawski, M.: Serious games as a tool to model attack and defense scenarios for cyber-security exercises. Comput. Secur. 110, 102450 (2021)

Acknowledgment

This work is part of the project ASCERT (AI-Based Scenario Management for Cyber Range Training) [12], in which we are developing an AI-based solution for modeling and analysing attack-defense scenarios in cyber ranges. We would like to acknowledge the valuable support of Md Mujahid Islam Peal, Espen Torseth and Lars Erik of the Norwegian Cyber Range engineering team. We would also like to thank the SoC teams of NTNU and Taltech for their comments and valuable insights into SIEM solutions.

Corresponding author

Correspondence to Muhammad Mudassar Yamin.

A Sample Exercise Questions

  1. Can you identify which tactic is implemented on which machine between 11:20 and 11:35 on 3/9/2022?
  2. Can you identify what happened between 11:40 and 12:00 on 3/9/2022?
  3. Can you identify a malicious user on a system who was created on 3/14/2022?
  4. Can you identify which privilege the malicious user attained on 3/14/2022?
  5. Can you identify an abnormal action on server-612?
  6. Can you identify a BITSAdmin download via CMD on a system?
  7. Can you identify where the shortcut to cmd ‘t1547.009.lnk’ was created?
  8. Can you identify what happened on 172.21.219.56?
  9. Can you identify where the user butter was added?
  10. Can you identify what happened on 172.16.245.79?

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Yamin, M.M., Shukla, A., Ullah, M., Katt, B. (2023). ADAPT- Automated Defence TrAining PlaTform in a Cyber Range. In: Garg, L., et al. Key Digital Trends Shaping the Future of Information and Management Science. ISMS 2022. Lecture Notes in Networks and Systems, vol 671. Springer, Cham. https://doi.org/10.1007/978-3-031-31153-6_17
