Top

Mobile Networks and Applications

Published in:

02-12-2019

A Framework for the Evaluation of Trainee Performance in Cyber Range Exercises

Authors: Mauro Andreolini, Vincenzo Giuseppe Colacino, Michele Colajanni, Mirco Marchetti

Published in: Mobile Networks and Applications | Issue 1/2020

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper proposes a novel approach for the evaluation of the performance achieved by trainees involved in cyber security exercises implemented in modern cyber ranges. Our main contributions include: the definition of a distributed monitoring architecture for gathering relevant information about trainees activities; an algorithm for modeling the trainee activities using directed graphs; novel scoring algorithms, based on graph operations, that evaluate different aspects (speed, precision) of a trainee during an exercise. With respect to previous work, our proposal allows to measure exactly how fast a user is progressing towards an objective and where he does wrong. We highlight that this is currently not possible in the most popular cyber ranges.

previous article Editorial: Advanced Techniques for Memory Forensics Analysis

next article Disk Cluster Allocation Behavior in Windows and NTFS

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

inform now

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

inform now

Bagnato A, Kordy B, Meland PH, Schweitzer P (2012) Attribute decoration of attack–defense trees. Int J Secur Softw Eng (IJSSE) 3(2):1–35CrossRef

Bowen BM, Devarajan R, Stolfo S (2011) Measuring the human factor of cyber security. In: 2011 IEEE International conference on technologies for homeland security (HST). IEEE, pp 230–235

Carlisle M, Chiaramonte M, Caswell D (2015) Using ctfs for an undergraduate cyber education. In: 2015 {USENIX} summit on gaming, games, and gamification in security education (3GSE 15)

Čeleda P, Čegan J, Vykopal J, Tovarňák D (2015) Kypo–a platform for cyber defence exercises. M&S Support to Operational Tasks Including War Gaming, Logistics,Cyber Defence. NATO Science and Technology Organization

CISCO Cyber Range (2016) https://www.cisco.com/c/dam/global/en_au/\solutions/security/pdfs/cyber_range_aag_v2.pdf

Evans M, He Y, Maglaras L, Janicke H (2019) Heart-is: a novel technique for evaluating human error-related information security incidents. Comput Secur 80:74–89CrossRef

Ferguson B, Tall A, Olsen D (2014) National cyber range overview. In: 2014 IEEE Military communications conference. IEEE, pp 123–128

Huang K, Siegel M, Stuart M (2018) Systematically understanding the cyber attack business: a survey. ACM Comput Surv (CSUR) 51(4):70CrossRef

IXIA Cyber Range (2014) https://www.ixiacom.com/solutions/cyber-range

10.

Jameel A, Shahzad K, Zafar A, Ahmed U, Hussain SJ, Sajid A (2018) The users experience quality of responsive web design on multiple devices. In: Proceedings of the 2nd international conference on future networks and distributed systems. ACM , p 69

11.

Kordy B, Kordy P, Mauw S, Schweitzer P (2013) Adtool: security analysis with attack–defense trees. In: International conference on quantitative evaluation of systems. Springer, pp 173–176

12.

Kraemer S, Carayon P, Clem J (2009) Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput Secur 28(7):509–520CrossRef

13.

Lampesberger H (2016) Technologies for web and cloud service interaction: a survey. SOCA 10(2):71–110CrossRef

14.

Mauw S, Oostdijk M (2005) Foundations of attack trees. In: International conference on information security and cryptology. Springer, pp 186–198

15.

Miehling E, Rasouli M, Teneketzis D (2015) Optimal defense policies for partially observable spreading processes on bayesian attack graphs. In: Proceedings of the second ACM workshop on moving target defense. ACM, pp 67–76

16.

Ou X, Boyer WF, McQueen MA (2006) A scalable approach to attack graph generation. In: Proceedings of the 13th ACM conference on computer and communications security. ACM, pp 336–345

17.

Pernik P (2014) Improving cyber security: Nato and the eu International Centre for Defense Studies

18.

Poolsappasit N, Dewri R, Ray I (2011) Dynamic security risk management using Bayesian attack graphs. IEEE Trans Depend Secur Comput 9(1):61–74CrossRef

19.

Schneier B (1999) Attack trees. Dr Dobb’s J 24(12):21–29

20.

Sheyner O, Haines J, Jha S, Lippmann R, Wing JM (2002) Automated generation and analysis of attack graphs. In: Proceedings 2002 IEEE symposium on security and privacy. IEEE , pp 273–284

21.

Vykopal J, Vizváry M, Oslejsek R, Celeda P, Tovarnak D (2017) Lessons learned from complex hands-on defence exercises in a cyber range. In: 2017 IEEE frontiers in education conference (FIE). IEEE, pp 1–8

22.

Zonouz SA, Khurana H, Sanders WH, Yardley TM (2013) Rre: a game-theoretic intrusion response and recovery engine. IEEE Trans Parallel Distrib Syst 25(2):395–406CrossRef

Title: A Framework for the Evaluation of Trainee Performance in Cyber Range Exercises
Authors: Mauro Andreolini
Vincenzo Giuseppe Colacino
Michele Colajanni
Mirco Marchetti
Publication date: 02-12-2019
Publisher: Springer US
Published in: Mobile Networks and Applications / Issue 1/2020
Print ISSN: 1383-469X
Electronic ISSN: 1572-8153
DOI: https://doi.org/10.1007/s11036-019-01442-0

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelektronik

ATZelectronics worldwide

Other articles of this Issue 1/2020

Consortium Blockchain-Based Secure Software Defined Vehicular Network

Secrecy Performance in the Internet of Things: Optimal Energy Harvesting Time Under Constraints of Sensors and Eavesdroppers

Outage Performance Analysis of Energy Harvesting Wireless Sensor Networks for NOMA Transmissions

Correction to: A Physical-Layer Key Distribution Mechanism for IoT Networks

A Novel Semi-fragile Digital Watermarking Scheme for Scrambled Image Authentication and Restoration

Enhancing Efficient Link Performance in ZigBee Under Cross-Technology Interference