TY - GEN
T1 - Towards the monitoring and evaluation of trainees’ activities in cyber ranges
AU - Braghin, Chiara
AU - Cimato, Stelvio
AU - Damiani, Ernesto
AU - Frati, Fulvio
AU - Riccobene, Elvinia
AU - Astaneh, Sadegh
N1 - Funding Information:
This work has been partly funded by the European Commission within the H2020 project THREAT-ARREST (contract n. 786890).
Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - Cyber ranges are virtual environments used in several contexts to enhance the awareness and preparedness of users to cybersecurity threats. The effectiveness of cyber ranges strongly depends on how realistic the training scenarios provided to trainees are and on an efficient mechanism to monitor and evaluate trainees’ activities. In the context of the emulation environment of the THREAT-ARREST cyber range platform, in this paper we present a preliminary design of our work in progress towards the definition of a model-driven approach to monitor and evaluate the trainee performance. We enhance the platform emulation environment with an agent-based system that checks trainees’ behavior in order to collect all the trainee’s actions performed while executing a training exercise. Furthermore, we propose a modular taxonomy of the actions that can be exploited for the description of the trainee’s expected behavior in terms of the expected trace, i.e., the sequence of actions that is required for the correct execution of an exercise. We model the expected and actual trainee activities in terms of finite state machines, then we apply an existing algorithm for graph matching to score the trainee performance in terms of graph distance.
AB - Cyber ranges are virtual environments used in several contexts to enhance the awareness and preparedness of users to cybersecurity threats. The effectiveness of cyber ranges strongly depends on how realistic the training scenarios provided to trainees are and on an efficient mechanism to monitor and evaluate trainees’ activities. In the context of the emulation environment of the THREAT-ARREST cyber range platform, in this paper we present a preliminary design of our work in progress towards the definition of a model-driven approach to monitor and evaluate the trainee performance. We enhance the platform emulation environment with an agent-based system that checks trainees’ behavior in order to collect all the trainee’s actions performed while executing a training exercise. Furthermore, we propose a modular taxonomy of the actions that can be exploited for the description of the trainee’s expected behavior in terms of the expected trace, i.e., the sequence of actions that is required for the correct execution of an exercise. We model the expected and actual trainee activities in terms of finite state machines, then we apply an existing algorithm for graph matching to score the trainee performance in terms of graph distance.
KW - Cyber ranges
KW - Emulation frameworks
KW - Monitoring frameworks
UR - http://www.scopus.com/inward/record.url?scp=85097215738&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-62433-0_5
DO - 10.1007/978-3-030-62433-0_5
M3 - Conference contribution
AN - SCOPUS:85097215738
SN - 9783030624323
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 79
EP - 91
BT - Model-driven Simulation and Training Environments for Cybersecurity - Second International Workshop, MSTEC 2020, Revised Selected Papers
A2 - Hatzivasilis, George
A2 - Ioannidis, Sotiris
PB - Springer Science and Business Media Deutschland GmbH
T2 - 2nd International Workshop on Model-Driven Simulation and Training Environments for Cybersecurity, MSTEC 2020 held in conjunction with 24th European Symposium on Research in Computer Security, ESORICS 2020
Y2 - 14 September 2020 through 18 September 2020
ER -