Cyber-Range Federation and Cyber-Security Games: A Gamification Scoring Model

2021 ◽  
Author(s):  
Jason Diakoumakos ◽  
Evangelos Chaskos ◽  
Nicholas Kolokotronis ◽  
George Lepouras
Keyword(s):  
Cyber Security ◽  
Scoring Model ◽  
Security Games ◽  
Cyber Range

CYRAN

2016 ◽  
pp. 226-241 ◽  
Author(s):  
Bil Hallaq ◽  
Andrew Nicholson ◽  
Richard Smith ◽  
Leandros Maglaras ◽  
Helge Janicke ◽  
...  
Keyword(s):  
Cyber Security ◽  
Decision Process ◽  
Academic Institutions ◽  
Research Focus ◽  
Major Aspect ◽  
Threat Analysis ◽  
Scada Systems ◽  
Low Costs ◽  
The Creation ◽  
Cyber Range

Cyber Security of ICS/SCADA systems is a major aspect of current research focus. Cyber Ranges and Test-beds can serve as means of vulnerability and threat analysis of real SCADA systems with low costs. Significantly lacking from current research, is detailed documentation of the decision process and the potential difficulties that need to be considered when undertaking the creation of a Cyber Range (CR) in order to facilitate the capture of labelled datasets which is included in this paper. This paper makes several further contributions; a review of Cyber Ranges created by Academic Institutions that influenced the criteria in creating CYRAN, the De Montfort University CYber RANge. The article presents the design implementation, the process of creating effective rules of engagement, the management and running of a Cyber Range Event (CRE) with partners from Industry and Academia and the creation of labelled datasets.

scholarly journals Model-Driven Cyber Range Training: A Cyber Security Assurance Perspective

2020 ◽  
pp. 172-184 ◽  
Author(s):  
Iason Somarakis ◽  
Michail Smyrlis ◽  
Konstantinos Fysarakis ◽  
George Spanoudakis
Keyword(s):  
Cyber Security ◽  
Security Assurance ◽  
Model Driven ◽  
Cyber Range

scholarly journals Cyber-Attack Scoring Model Based on the Offensive Cybersecurity Framework

2021 ◽  
Vol 11 (16) ◽  
pp. 7738
Author(s):  
Kyounggon Kim ◽  
Faisal Abdulaziz Alfouzan ◽  
Huykang Kim
Keyword(s):  
Cyber Security ◽  
Personal Information ◽  
Cyber Attacks ◽  
The Internet ◽  
Critical Infrastructures ◽  
Cyber Attack ◽  
Security Framework ◽  
Scoring Model ◽  
Advanced Persistent Threats ◽  
The World

Cyber-attacks have become commonplace in the world of the Internet. The nature of cyber-attacks is gradually changing. Early cyber-attacks were usually conducted by curious personal hackers who used simple techniques to hack homepages and steal personal information. Lately, cyber attackers have started using sophisticated cyber-attack techniques that enable them to retrieve national confidential information beyond the theft of personal information or defacing websites. These sophisticated and advanced cyber-attacks can disrupt the critical infrastructures of a nation. Much research regarding cyber-attacks has been conducted; however, there has been a lack of research related to measuring cyber-attacks from the perspective of offensive cybersecurity. This motivated us to propose a methodology for quantifying cyber-attacks such that they are measurable rather than abstract. For this purpose, we identified each element of offensive cybersecurity used in cyber-attacks. We also investigated the extent to which the detailed techniques identified in the offensive cyber-security framework were used, by analyzing cyber-attacks. Based on these investigations, the complexity and intensity of cyber-attacks can be measured and quantified. We evaluated advanced persistent threats (APT) and fileless cyber-attacks that occurred between 2010 and 2020 based on the methodology we developed. Based on our research methodology, we expect that researchers will be able to measure future cyber-attacks.

scholarly journals The Use of Cyber Ranges in the Maritime Context

2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Kimberly Tam ◽  
Kemedi Moara-Nkwe ◽  
Kevin Jones
Keyword(s):  
Cyber Security ◽  
Defensive Strategy ◽  
Skill Levels ◽  
Cyber Threats ◽  
Security Training ◽  
Training Programmes ◽  
Use Studies ◽  
Defence Strategies ◽  
Cyber Range ◽  
Computing Infrastructure

A good defensive strategy against evolving cyber threats and cybercrimes is to raise awareness and use that awareness to prepare technical mitigation and human defence strategies.  A prime way to do this is through training.  While there are already many sectors employing this strategy (e.g., space, smart buildings, business IT) maritime has yet to take advantage of the available cyber-range technology to assess cyber-risks and create appropriate training to meet those risks.   Cyber security training can come in two forms, the first is so security professionals can raise their awareness on the latest and most urgent issues and increase defence skill levels.  The second form is directed at non-security professionals (e.g., ship builders, crew) and the general public, who are just as affected by cyber threats but may not have the necessary security background to deal with the issues.  Conducting training programmes for both requires dedicated computing infrastructure to simulate and execute effective scenarios for both sets of trainees.  To this end, a cyber range (CR) provides an environment for just that.  The purpose of this paper is to use studies on the concept of cyber ranges to provide evidence on why the maritime sector should embrace this technology for maritime-cyber training, and envision how they will provide maritime training and risk assessment to combat tomorrow’s threats.

scholarly journals Addressing the Security Gap in IoT: Towards an IoT Cyber Range

Sensors ◽  
2020 ◽  
Vol 20 (18) ◽  
pp. 5439
Author(s):  
Oliver Nock ◽  
Jonathan Starkey ◽  
Constantinos Marios Angelopoulos
Keyword(s):  
Cyber Security ◽  
Modular Architecture ◽  
Technological Readiness ◽  
Concurrent Execution ◽  
Skills Shortage ◽  
Readiness Level ◽  
Research Goal ◽  
Iot Devices ◽  
Cyber Range ◽  
Future Work

The paradigm of Internet of Things has now reached a maturity level where the pertinent research goal is the successful application of IoT technologies in systems of high technological readiness level. However, while basic aspects of IoT connectivity and networking have been well studied and adequately addressed, this has not been the case for cyber security aspects of IoT. This is nicely demonstrated by the number of IoT testbeds focusing on networking aspects and the lack of IoT testbeds focusing on security aspects. Towards addressing the existing and growing skills-shortage in IoT cyber security, we present an IoT Cyber Range (IoT-CR); an IoT testbed designed for research and training in IoT security. The IoT-CR allows the user to specify and work on customisable IoT networks, both virtual and physical, and supports the concurrent execution of multiple scenarios in a scalable way following a modular architecture. We first provide an overview of existing, state of the art IoT testbeds and cyber security related initiatives. We then present the design and architecture of the IoT Cyber Range, also detailing the corresponding RESTful APIs that help de-associate the IoT-CR tiers and obfuscate underlying complexities. The design is focused around the end-user and is based on the four design principles for Cyber Range development discussed in the introduction. Finally, we demonstrate the use of the facility via a red/blue team scenario involving a variant of man-in-the-middle attack using IoT devices. Future work includes the use of the IoT-CR by cohorts of trainees in order to evaluate the effectiveness of specific scenarios in acquiring IoT-related cyber-security knowledge and skills, as well as the IoT-CR integration with a pan-European cyber-security competence network.

scholarly journals Cyber Range Automation Overview with a Case Study of CRATE

2021 ◽  
pp. 192-209
Author(s):  
Tommy Gustafsson ◽  
Jonas Almroth
Keyword(s):  
Cyber Security ◽  
Training Environment ◽  
Security Research ◽  
Skilled Personnel ◽  
Speed Up ◽  
Automated Tools ◽  
The Right ◽  
Research Initiatives ◽  
Cyber Range ◽  
And Training

AbstractCyber security research is quintessential to secure computerized systems against cyber threats. Likewise, cyber security training and exercises are instrumental in ensuring that the professionals protecting the systems have the right set of skills to do the job. Cyber ranges provide platforms for testing, experimentation and training, but developing and executing experiments and training sessions are labour intensive and require highly skilled personnel. Several cyber range operators are developing automated tools to speed up the creation of emulated environments and scenarios as well as to increase the number and quality of the executed events. In this paper we investigate automated tools used in cyber ranges and research initiatives designated to augment cyber ranges automation. We also investigate the automation features in CRATE (Cyber Range And Training Environment) operated by the Swedish Defence Research Agency (FOI).

CYRAN

2018 ◽  
pp. 622-637 ◽  
Author(s):  
Bil Hallaq ◽  
Andrew Nicholson ◽  
Richard Smith ◽  
Leandros Maglaras ◽  
Helge Janicke ◽  
...  
Keyword(s):  
Cyber Security ◽  
Decision Process ◽  
Academic Institutions ◽  
Research Focus ◽  
Major Aspect ◽  
Threat Analysis ◽  
Scada Systems ◽  
Low Costs ◽  
The Creation ◽  
Cyber Range

Cyber Security of ICS/SCADA systems is a major aspect of current research focus. Cyber Ranges and Test-beds can serve as means of vulnerability and threat analysis of real SCADA systems with low costs. Significantly lacking from current research, is detailed documentation of the decision process and the potential difficulties that need to be considered when undertaking the creation of a Cyber Range (CR) in order to facilitate the capture of labelled datasets which is included in this paper. This paper makes several further contributions; a review of Cyber Ranges created by Academic Institutions that influenced the criteria in creating CYRAN, the De Montfort University CYber RANge. The article presents the design implementation, the process of creating effective rules of engagement, the management and running of a Cyber Range Event (CRE) with partners from Industry and Academia and the creation of labelled datasets.

Sign in / Sign up

Export Citation Format

Share Document