Abstract
In light of the ever-increasing complexity and criticality of applications supported by ICT infrastructures, Cyber Ranges emerge as a promising solution to effectively train people within organisations on cyber-security aspects, thus providing an efficient mechanism to manage the associated risks. Motivated by this, the work presented herein introduces the model-driven approach of the THREAT-ARREST project for Cyber Range training, presenting in detail the Cyber Threat Training and Preparation (CTTP) models. These models, comprising sub-models catering for different aspects of the training, are used for specifying and generating the Training Programmes. As such, the paper also provides details on implementation aspects regarding the use of these models in the context of a usable cyber range training platform and two specific training scenarios.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Alarming Cyber Security Facts and Stats (2019). https://www.cybintsolutions.com/cyber-security-facts-stats/
Braghin, C., Cimato, S., Damiani, E., Frati, F., Mauri, L., Riccobene, E.: A model driven approach for cyber security scenarios deployment. In: Fournaris, A.P., et al. (eds.) IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 107–122. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_8
Common Platform Enumeration (CPE) (2020). https://csrc.nist.gov/projects/security-content-automation-protocol/specifications/cpe/
D1.3: THREAT-ARREST platform’s initial reference architecture (2020). https://www.threat-arrest.eu/html/PublicDeliverables/D1.3
D3.1: CTTP Models and Programmes Specification Language (2020). https://www.threat-arrest.eu/html/PublicDeliverables/D3.1
D3.3: Reference CTTP Models and Programmes Specifications (2020). https://www.threat-arrest.eu/html/PublicDeliverables/D3.3
D4.2: THREAT-ARREST serious games v1 (2020). https://www.threat-arrest.eu/html/PublicDeliverables/D4.2
D4.3: Training and Visualisation tools IO mechanisms v1 (2020). https://www.threat-arrest.eu/html/PublicDeliverables/D4.3
D5.1: Real event logs statistical profiling module and synthetic event log generator v1 (2020). https://www.threat-arrest.eu/html/PublicDeliverables/D5.1
Erdogan, G., et al.: An Approach to Train and Evaluate the Cybersecurity Skills of Participants in Cyber Ranges based on Cyber-Risk Models, June 2020
Gartner Forecasts Worldwide Information Security Spending to Exceed \$124 Billion in 2019 (2020). https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019
Goeke, L., Quintanar, A., Beckers, K., Pape, S.: PROTECT – an easy configurable serious game to train employees against social engineering attacks. In: Fournaris, A.P., et al. (eds.) IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 156–171. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_11
Kubernetes (2020). https://kubernetes.io/
NS-3 Network Simulator (2020). https://www.nsnam.org/
OpenStack (2020). https://www.openstack.org/
PwC’s global economic crime and fraud survey 2018(2020). https://www.pwc.com/gx/en/forensics/gecs-2020/pdf/global-economic-crime-and-fraud-survey-2020.pdf
Rantos, K., Fysarakis, K., Mani-favas, C.: How effective is your security awareness program? An evaluation methodology. Inf. Secur. J. Glob. Perspect. 21(6), 328–345 (2012)
Russo, E., Costa, G., Armando, A.: Scenario design and validation for next generation cyber ranges. In: 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), pp. 1–4. IEEE (2018)
Schaab, P., Beckers, K., Pape, S.: Social engineering defence mechanisms and counteracting training strategies. Inf. Comput. Secur. 25, 206–222 (2017)
Somarakis, I., Smyrlis, M., Fysarakis, K., Spanoudakis, G.: Model-driven cyber range training: a cyber security assurance perspective. In: Fournaris, A.P., et al. (eds.) IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 172–184. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_12
Soultatos, O., et al.: The THREAT-ARREST cyber-security training platform. IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 199–214. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_14
THREAT-ARREST (2019). https://www.threat-arrest.eu/
Yamin, M.M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: scenarios, functions, tools and architecture. Comput. Secur. 88, 101636 (2020)
Acknowledgements
This work has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 786890 (THREAT-ARREST).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Smyrlis, M., Fysarakis, K., Spanoudakis, G., Hatzivasilis, G. (2020). Cyber Range Training Programme Specification Through Cyber Threat and Training Preparation Models. In: Hatzivasilis, G., Ioannidis, S. (eds) Model-driven Simulation and Training Environments for Cybersecurity. MSTEC 2020. Lecture Notes in Computer Science(), vol 12512. Springer, Cham. https://doi.org/10.1007/978-3-030-62433-0_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-62433-0_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62432-3
Online ISBN: 978-3-030-62433-0
eBook Packages: Computer ScienceComputer Science (R0)