Towards the monitoring and evaluation of trainees’ activities in cyber ranges

Chiara Braghin, Stelvio Cimato, Ernesto Damiani, Fulvio Frati, Elvinia Riccobene, Sadegh Astaneh

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

6 Scopus citations

Abstract

Cyber ranges are virtual environments used in several contexts to enhance the awareness and preparedness of users to cybersecurity threats. Effectiveness of cyber ranges strongly depends on how much realistic are the training scenarios provided to trainees and on an efficient mechanism to monitor and evaluate trainees’ activities. In the context of the emulation environment of the THREAT-ARREST cyber range platform, in this paper we present a preliminary design of our work in progress towards the definition of a model-driven approach to monitor and evaluate the trainee performance. We enhance the platform emulation environment with an agent-based system that checks trainees’ behavior in order to collect all the trainee’s actions performed while executing a training exercise. Furthermore, we propose a modular taxonomy of the actions that can be exploited for the description of the trainee’s expected behavior in terms of the expected trace, i.e., the sequence of actions that is required for the correct execution of an exercise. We model the expected and actual trainee activities in terms of finite state machines, then we apply an existing algorithm for graph matching to score the trainee performance in terms of graph distance.

Original languageBritish English
Title of host publicationModel-driven Simulation and Training Environments for Cybersecurity - Second International Workshop, MSTEC 2020, Revised Selected Papers
EditorsGeorge Hatzivasilis, Sotiris Ioannidis
PublisherSpringer Science and Business Media Deutschland GmbH
Pages79-91
Number of pages13
ISBN (Print)9783030624323
DOIs
StatePublished - 2020
Event2nd International Workshop on Model-Driven Simulation and Training Environments for Cybersecurity, MSTEC 2020 held in conjunction with 24th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom
Duration: 14 Sep 202018 Sep 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12512 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference2nd International Workshop on Model-Driven Simulation and Training Environments for Cybersecurity, MSTEC 2020 held in conjunction with 24th European Symposium on Research in Computer Security, ESORICS 2020
Country/TerritoryUnited Kingdom
CityGuildford
Period14/09/2018/09/20

Keywords

  • Cyber ranges
  • Emulation frameworks
  • Monitoring frameworks

Fingerprint

Dive into the research topics of 'Towards the monitoring and evaluation of trainees’ activities in cyber ranges'. Together they form a unique fingerprint.

Cite this