Skip to main content
SpringerLink
Log in

A Comparative Cost Analysis of Organizational Network Security Test Lab Setup on Cloud Versus Dedicated Virtual Machine

  • Conference paper
  • First Online:
Smart Trends in Computing and Communications

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 396))

  • 716 Accesses

Abstract

The global network infrastructure spectrum is witnessing its fastest growth since the last decade with concurrent rise in cloud computing, Internet of things (IoT), and edge computing. There has been a multitude of heterogeneous networking devices spanning different configurations and using a variety of access methods. A parallel evolution of the network infrastructure security is happening with increasing attempts to exploit the security vulnerabilities in mission critical cyber-assets of organizations. Several organizations invest heavily in security research using lengthy and cryptic mathematical models while ignoring the practical network implementation situation and focus only on the monetary implications of the attack and defense. Attack tree has evolved as a convenient and cost effective way of plotting the network in which an attack may take place and can also help organizations understand the way it can be defended. Attack trees combined with the MITRE ATT&CK framework are widely used for crown jewels risk assessment globally. However, the major challenge for information security experts using the attack tree methodology lies in manually creating the attack tree and plotting all the crown jewels and perimeter network so that it can be defended from attackers. We propose a test lab setup for simulation and attack tree generation, which can be used in conjunction with the MITRE ATT&CK framework and allow us to create and assess various attack scenarios while providing flexibility in subnet configuration and movement, addition or removal of networking devices. The lab can be cloud hosted with a popular cloud hosting on Microsoft Azure or may be created on a VM within a dedicated high-resource machine to be used as a portable testbed. The results indicate that both services have their own pros and cons based on the hours of usage, and the dedicated resource VM testbed may perform better in a low-risk potential small network while the cloud-based approach is useful for the scalable organizations with high-threat potential.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Herjavecgroup.com Official Annual Cyber Crime Report 2018. [online] Available at: https://www.herjavecgroup.com/wp-content/uploads/2018/12/CV-HG-2019-Official-Annual-Cybercrime-Report.pdf. Accessed 10 Oct 2021

  2. B. Schneier, “Attack trees: modeling security threats,” Dr. Dobb’s Journal, December (1999)

    Google Scholar 

  3. I. Ray, N. Poolsapassit, Using attack trees to identify malicious attacks from authorized insiders. In Proceedings of the 10th European Conference on Research in Computer Security (ESORICS'05) (Springer, Berlin, Heidelberg, 2005), pp. 231–246. https://doi.org/10.1007/11555827_14

  4. S. Mauw, M. Oostdijk, Foundations of attack trees. Lecture Notes Comput. Sci. 3935, 186–198 (2006). https://doi.org/10.1007/11734727_17

    Article  MathSciNet  MATH  Google Scholar 

  5. J. Stefan, M. Schumacher, Collaborative attack modeling. In Proc. SAC 2002 (ACM, 2002), pp. 253–259

    Google Scholar 

  6. T. Tidwell, R. Larson, K. Fitch, J. Hale, Modeling internet attacks, in Proceedings of the 2001 IEEE Workshop on Information Assurance and Security (2001)

    Google Scholar 

  7. K. S. Edge, G.C. Dalton II, R.A., Raines, R.F., Mills, “Using Attack and Protection Trees to Analyze Threats and Defenses to Homeland Security” MILCOM 2007 (2007), pp. 1–7

    Google Scholar 

  8. R. Jhawar, B. Kordy, S. Mauw, S. Radomirovic, R. Trujillo-Rasua, Attack trees with sequential conjunction. IFIP Adv. Inf. Commun. Technol. 455 (2015). https://doi.org/10.1007/978-3-319-18467-8_23

  9. S. Noel, S. Jajodia, “Managing attack graph complexity through visual hierarchical aggregation”, in Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security (New York, USA, 2004), pp. 109–118

    Google Scholar 

  10. O. Sheyner, Scenario Graphs and Attack Graphs. Ph.D. thesis, Carnegie Mellon University (2004)

    Google Scholar 

  11. S. Noel, S. Jajodia, “Managing attack graph complexity through visual hierarchical aggregation”, in Proceedings of the workshop on Visualization and data mining for computer security (New York, USA, 2004), pp. 109–118

    Google Scholar 

  12. S. Mauw, M. Oostdijk, Foundations of attack trees, in ICISC 2005. ed. by D.H. Won, S. Kim. LNCS 3935. (Springer, Heidelberg, 2005), pp. 186–198

    Google Scholar 

  13. B. Kordy, S. Mauw, S. Radomirovic, P. Schweitzer, “Foundations of Attack–Defense Trees,” In: LNCS (Springer, Heidelberg, 2010). Available at http://satoss.uni.lu/members/barbara/papers/adt.pdf

  14. Gartner, Gartner Forecasts Worldwide Public Cloud End-User Spending to Grow 18% in 2021 (2020). [online] Available at: https://www.gartner.com/en/newsroom/press-releases/2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021. Accessed 16 Oct 2021]

  15. All prices shown are in US Dollar ($). This is a summary estimate, not a quote. For up to date pricing information please visit https://azure.microsoft.com/pricing/calculator/. This estimate was created at 10/16/2021 6:09:58 AM UTC

  16. Newegg.com. 2021. Newegg—Shopping Upgraded. [online] Available at: https://www.newegg.com/. Accessed 16 Oct 2021

  17. Netgate. 2021. Netgate 5100 pfSense+ Security Gateway. [online] Available at: <https://shop.netgate.com/products/5100-pfsense> [Accessed 16 October 2021].

  18. GitHub, GitHub—telekom-security/tpotce: T-Pot - The All In One Honeypot Platform (2021). [online] Available at: <https://github.com/telekom-security/tpotce>. Accessed 16 Oct 2021

  19. V. Pro, VMware Workstation 16 Pro. [online] Store-us.vmware.com (2021). Available at: https://store-us.vmware.com/vmware-workstation-16-pro-5424176500.html. Accessed 16 Oct 2021

  20. M. Yadav, S. Gupta, Hybrid meta-heuristic VM load balancing optimization approach. J. Inf. Optim Sci. 41(2), 577–586 (2020). https://doi.org/10.1080/02522667.2020.1733190

    Article  Google Scholar 

  21. S. Gupta, B. Gupta, Performance modeling and evaluation of transportation systems using analytical recursive decomposition algorithm for cyclone mitigation. J. Inf. Optim. Sci. 40(5), 1131–1141 (2019). https://doi.org/10.1080/02522667.2019.1638003

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. SoET, MVN University, Haryana, India

    Sachin Gupta & Atul Rana

  2. MAIT, GGSIPU, Delhi, India

    Bhoomi Gupta

  3. Research Scholar, MVN University, Haryana, India

    Atul Rana

Authors
  1. Sachin Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bhoomi Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Atul Rana
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sachin Gupta .

Editor information

Editors and Affiliations

  1. University of Leicester, Leicester, UK

    Yu-Dong Zhang

  2. Faculty of Engineering, University of the Ryukyus, Nishihara, Okinawa, Japan

    Tomonobu Senjyu

  3. Department of Computer Science, Khon Kaen University, Khon Kaen, Thailand

    Chakchai So-In

  4. Global Knowledge Research Foundation, Ahmedabad, Gujarat, India

    Amit Joshi

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gupta, S., Gupta, B., Rana, A. (2023). A Comparative Cost Analysis of Organizational Network Security Test Lab Setup on Cloud Versus Dedicated Virtual Machine. In: Zhang, YD., Senjyu, T., So-In, C., Joshi, A. (eds) Smart Trends in Computing and Communications. Lecture Notes in Networks and Systems, vol 396. Springer, Singapore. https://doi.org/10.1007/978-981-16-9967-2_58

Download citation

  • DOI: https://doi.org/10.1007/978-981-16-9967-2_58

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-9966-5

  • Online ISBN: 978-981-16-9967-2

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation