Towards the Monitoring and Evaluation of Trainees’ Activities in Cyber Ranges

  • Conference paper
Model-driven Simulation and Training Environments for Cybersecurity (MSTEC 2020)

Abstract

Cyber ranges are virtual environments used in several contexts to enhance users’ awareness of and preparedness for cybersecurity threats. The effectiveness of a cyber range strongly depends on how realistic the training scenarios provided to trainees are and on an efficient mechanism to monitor and evaluate trainees’ activities.

In the context of the emulation environment of the THREAT-ARREST cyber range platform, in this paper we present a preliminary design of our work in progress towards the definition of a model-driven approach to monitor and evaluate the trainee performance. We enhance the platform emulation environment with an agent-based system that checks trainees’ behavior in order to collect all the trainee’s actions performed while executing a training exercise. Furthermore, we propose a modular taxonomy of the actions that can be exploited for the description of the trainee’s expected behavior in terms of the expected trace, i.e., the sequence of actions that is required for the correct execution of an exercise. We model the expected and actual trainee activities in terms of finite state machines, then we apply an existing algorithm for graph matching to score the trainee performance in terms of graph distance.
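The scoring idea in the abstract, sketched as an added example that is not code from the paper or the THREAT-ARREST platform: an expected and an actual action trace are turned into finite state machines and compared with a graph distance. The action names, the state-naming rule and the common-subgraph distance used here are assumptions for illustration; the graph-matching algorithm the authors apply is not given on this page.

```python
# Constructed sample traces (hypothetical action names, not from the paper).
EXPECTED = ["login_ssh", "inspect_auth_log", "block_source_ip", "restart_sshd"]
ACTUAL_SKIPPED = ["login_ssh", "block_source_ip", "restart_sshd"]


def trace_to_fsm(trace, start="START"):
    """Return (states, transitions) for a sequence of atomic actions.

    Assumption: a state is named after the last completed action, and a
    transition is the triple (source_state, action_label, target_state).
    """
    states, transitions = {start}, set()
    current = start
    for action in trace:
        target = f"after:{action}"
        transitions.add((current, action, target))
        states.add(target)
        current = target
    return states, transitions


def graph_distance(fsm_a, fsm_b):
    """Distance in [0, 1]: 1 - |common subgraph| / |larger graph|.

    Size counts states plus labelled transitions. Because states carry
    unique names, the common subgraph is a plain set intersection.
    """
    (states_a, trans_a), (states_b, trans_b) = fsm_a, fsm_b
    common = len(states_a & states_b) + len(trans_a & trans_b)
    larger = max(len(states_a) + len(trans_a), len(states_b) + len(trans_b))
    return 1 - common / larger


def score_trainee(expected_trace, actual_trace):
    """Compare the actual trace with the expected one and explain the gap."""
    expected = trace_to_fsm(expected_trace)
    actual = trace_to_fsm(actual_trace)
    return {
        "distance": graph_distance(expected, actual),
        "missing": sorted(expected[1] - actual[1]),  # expected steps not taken
        "extra": sorted(actual[1] - expected[1]),    # transitions never expected
    }


if __name__ == "__main__":
    print(score_trainee(EXPECTED, EXPECTED))
    print(score_trainee(EXPECTED, ACTUAL_SKIPPED))
```

A distance of 0 means the trainee followed the expected trace exactly; the `missing` and `extra` lists show which transitions account for a non-zero score.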


Notes

  1. https://www.simplan.de/en/software-2/jasima/

  2. This restriction on the use of atomic actions as transition labels does not limit our approach since, depending on the model granularity, a state transition can be labelled by completion events associated with complex activities.

  3. https://docs.openstack.org/python-openstackclient/latest/

  4. https://cloud-init.io/

  5. https://cloudbase.it/cloudbase-init/

  6. https://pf4j.org/

Acknowledgements

This work has been partly funded by the European Commission within the H2020 project THREAT-ARREST (contract n. 786890).

Corresponding author

Correspondence to Chiara Braghin.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Braghin, C., Cimato, S., Damiani, E., Frati, F., Riccobene, E., Astaneh, S. (2020). Towards the Monitoring and Evaluation of Trainees’ Activities in Cyber Ranges. In: Hatzivasilis, G., Ioannidis, S. (eds) Model-driven Simulation and Training Environments for Cybersecurity. MSTEC 2020. Lecture Notes in Computer Science, vol 12512. Springer, Cham. https://doi.org/10.1007/978-3-030-62433-0_5

  • DOI: https://doi.org/10.1007/978-3-030-62433-0_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62432-3

  • Online ISBN: 978-3-030-62433-0

  • eBook Packages: Computer Science (R0)
