research-article

Open access

AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research

Authors:

Maximilian Frank,

Wolfgang Hotwagner,

Gregor Langner,

Oliver Maurhart,

Lenhard Reuter,

Florian Skopik,

Manuel WarumAuthors Info & Claims

EICC '20: Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference

Article No.: 2, Pages 1 - 6

https://doi.org/10.1145/3424954.3424959

Published: 12 January 2021 Publication History

Abstract

With the evolution of threats and attacks and the speed of automation, new modern training and learning environments are needed to support the challenges of digital organizations and societies. In recent years, cyber ranges, i.e., virtual environments that support the simulation of diverse infrastructures, have emerged and are often utilized for cyber security exercises or training. With these environments, organizations or individuals can increase their preparedness and dexterity, for example, by training to identify and mitigate incidents and attacks. In this paper, we present the AIT Cyber Range which was designed based on several principles such as scalability, flexibility and the utilization of Open Source technologies. This paper outlines the building blocks of the architecture and implementation: computing platform, infrastructure provisioning, software provisioning and scenario engine. Furthermore, the implementation is demonstrated by three use cases: cyber exercises, training as well as security research and development. For future work, we aim to further extend the building blocks and to address federation and interoperability with other cyber ranges.

References

[1]

David Allison, Paul Smith, Kieran McLaughlin, Fan Zhang, Jamie Coble, and Rodney Busquim. 2020. PLC-based Cyber-Attack Detection: A Last Line of Defence. In IAEA International Conference on Nuclear Security: Sustaining and Strengthening Efforts. IAEA, 10. https://conferences.iaea.org/event/181/contributions/15513/

[2]

Agnė Brilingaitė, Linas Bukauskas, and Eduardas Kutka. 2017. Development of an Educational Platform for Cyber Defence Training. In European Conference on Cyber Warfare and Security. Academic Conferences International Limited, 73--81.

[3]

Jon Davis and Shane Margath. 2013. A Survey of Cyber Ranges and Testbeds. Technical Report DSTO -GD -0771. Cyber Electronic Warfare Division, DSTO Defence Science and Technology Organisation, Edinburgh, South Australia 5111, Australia. http://www.dtic.mil/dtic/tr/fulltext/u2/a594524.pdf

[4]

Tamara Denning, Adam Lerner, Adam Shostack, and Tadayoshi Kohno. 2013. Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS '13). ACM, Berlin, Germany, 915--928.

Digital Library

[5]

ECSO. 2020. Understanding Cyber Ranges: From Hype to Reality. WG5 PAPER. European Cyber Security Organisation (ECSO), Brussels, Belgium. 31 pages. https://www.ecs-org.eu/documents/uploads/understanding-cyber-ranges-from-hype-to-reality.pdf

[6]

ENISA. 2015. The 2015 Report on National and International Cyber Security Exercises. Technical Report 1.0. European Union Agency for Network and Information Security (ENISA), Heraklion, Greece. 32 pages. https://www.enisa.europa.eu/publications/latest-report-on-national-and- international- cyber-security-exercises/at_download/fullReport

[7]

B. Ferguson, A. Tall, and D. Olsen. 2014. National Cyber Range Overview. In 2014 IEEE Military Communications Conference (MILCOM). IEEE, Baltimore, MD, 123--128.

[8]

M. Frank, M. Leitner, and T. Pahi. 2017. Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education. In 2017 IEEE 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress. IEEE, Orlando, FL, USA, 38--46. https://doi.org/10.1109/DASC-PICom-DataCom-CyberSciTec.2017.23

[9]

Sylvain Frey, Awais Rashid, Pauline Anthonysamy, Maria Pinto-Albuquerque, and Syed Asad Naqvi. 2019. The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game. IEEE Transactions on Software Engineering 45, 5 (May 2019), 521--536. https://doi.org/10.1109/TSE.2017.2782813

[10]

J. Kim, Y. Maeng, and M. Jang. 2019. Becoming Invisible Hands of National Live-Fire Attack-Defense Cyber Exercise. In 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). IEEE, Stockholm, Sweden, 77--84.

[11]

Stela Kucek and Maria Leitner. 2020. An Empirical Survey of Functions and Configurations of Open-Source Capture the Flag (CTF) Environments. Journal of Network and Computer Applications 151 (Feb. 2020), 102470. https://doi.org/10.1016/j.jnca.2019.102470

Digital Library

[12]

Stela Kucek and Maria Leitner. 2020. Training the Human-in-the-Loop in Industrial Cyber Ranges. In Digital Transformation in Semiconductor Manufacturing (Lecture Notes in Electrical Engineering), Sophia Keil, Rainer Lasch, Fabian Lindner, and Jacob Lohmer (Eds.). Springer International Publishing, Cham, 107--118. https://doi.org/10.1007/978-3-030-48602-0_10

[13]

Maria Leitner, Timea Pahi, and Florian Skopik. 2017. Situational Awareness for Strategic Decision Making on a National Level. In Collaborative Cyber Threat Intelligence, Florian Skopik (Ed.). CRC Press, 225--276.

[14]

U.S. Department of Commerce National Institute of Standards and Technology. 2018. Cyber Ranges. Technical Report. NIST, US. https://www.nist.gov/system/files/documents/2018/02/13/cyber_ranges.pdf

[15]

Cuong Pham, Dat Tang, Ken-ichi Chinen, and Razvan Beuran. 2016. CyRIS: a cyber range instantiation system for facilitating security training. In Proceedings of the Seventh Symposium on Information and Communication Technology (SoICT '16). ACM, Ho Chi Minh City, Vietnam, 251--258.

Digital Library

[16]

Florian Skopik, Giuseppe Settanni, Roman Fiedler, and Ivo Friedberg. 2014. Semi-synthetic data set generation for security software evaluation. In Proc. of the 12th Annual International Conference on Privacy, Security and Trust. IEEE, 156--163.

[17]

Ciza Thomas, Vishwas Sharma, and N Balakrishnan. 2008. Usefulness of DARPA dataset for intrusion detection system evaluation. In Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008, Vol. 6973. International Society for Optics and Photonics, SPIE, 164--171.

[18]

Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupé, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, and Yan Shoshitaishvili. 2014. Ten Years of iCTF: The Good, The Bad, and The Ugly. In 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14). USENIX Association, San Diego, CA, 7.

[19]

Jan Vykopal, Martin Vizvary, Radek Oslejsek, Pavel Celeda, and Daniel Tovarnak. 2017. Lessons learned from complex hands-on defence exercises in a cyber range. In 2017 IEEE Frontiers in Education Conference (FIE). IEEE Computer Society, Indianapolis, IN, USA, 1--8. https://doi.org/10.1109/FIE.2017.8190713

Digital Library

[20]

Markus Wurzenberger, Florian Skopik, Giuseppe Settanni, and Wolfgang Scherrer. 2016. Complex log file synthesis for rapid sandbox-benchmarking of security-and computer network analysis tools. Information Systems 60 (2016), 13--33.

Digital Library

[21]

Muhammad Mudassar Yamin, Basel Katt, and Vasileios Gkioulos. 2020. Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Computers & Security 88 (Jan. 2020), 101636. https://doi.org/10.1016/j.cose.2019.101636

Digital Library

Cited By

Kampourakis VGkioulos VKatsikas S(2025)A step-by-step definition of a reference architecture for cyber rangesJournal of Information Security and Applications10.1016/j.jisa.2024.10391788(103917)Online publication date: Feb-2025
https://doi.org/10.1016/j.jisa.2024.103917
Radhika AShanmugavalli T(2024)Effect of kettle bells and battle rope training on grip strength and body composition among university volleyball playersSalud, Ciencia y Tecnología - Serie de Conferencias10.56294/sctconf20249053(905)Online publication date: 13-Jun-2024
https://doi.org/10.56294/sctconf2024905
Mills AWhite JLegg P(2024)GoibhniUWE: A Lightweight and Modular Container-Based Cyber RangeJournal of Cybersecurity and Privacy10.3390/jcp40300294:3(615-628)Online publication date: 24-Aug-2024
https://doi.org/10.3390/jcp4030029
Show More Cited By

Index Terms

AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research
1. Computer systems organization
  1. Real-time systems
2. Security and privacy
  1. Security services

Recommendations

Building Open Source Cyber Range To Teach Cyber Security
ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

This paper deals with the use of cyber range in education to teach cybersecurity. Particular attention is paid exclusively to open-source solutions, as such solutions are available to the general public, which is essential in raising awareness of cyber ...
Train as you Fight: Evaluating Authentic Cybersecurity Training in Cyber Ranges
CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems

Humans can play a decisive role in detecting and mitigating cyber attacks if they possess sufficient cybersecurity skills and knowledge. Realizing this potential requires effective cybersecurity training. Cyber range exercises (CRXs) represent a novel ...
Cyber modeling & simulation for cyber-range events
SummerSim '15: Proceedings of the Conference on Summer Computer Simulation

The speed and combinatorial nature of the evolving cyber threat demands a more flexible modeling and simulation (M&S) approach utilizing cyber ranges. In this paper, we provide a summary of the base-line process to conduct cyber-range events. In ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

EICC '20: Proceedings of the 2020 European Interdisciplinary Cybersecurity Conference

November 2020

72 pages

ISBN:9781450375993

DOI:10.1145/3424954

Copyright © 2020 Owner/Author.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 January 2021

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Conference

EICC 2020

EICC 2020: European Interdisciplinary Cybersecurity Conference

November 18, 2020

Rennes, France

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
1,851
Total Downloads

Downloads (Last 12 months)575
Downloads (Last 6 weeks)86

Reflects downloads up to 24 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kampourakis VGkioulos VKatsikas S(2025)A step-by-step definition of a reference architecture for cyber rangesJournal of Information Security and Applications10.1016/j.jisa.2024.10391788(103917)Online publication date: Feb-2025
https://doi.org/10.1016/j.jisa.2024.103917
Radhika AShanmugavalli T(2024)Effect of kettle bells and battle rope training on grip strength and body composition among university volleyball playersSalud, Ciencia y Tecnología - Serie de Conferencias10.56294/sctconf20249053(905)Online publication date: 13-Jun-2024
https://doi.org/10.56294/sctconf2024905
Mills AWhite JLegg P(2024)GoibhniUWE: A Lightweight and Modular Container-Based Cyber RangeJournal of Cybersecurity and Privacy10.3390/jcp40300294:3(615-628)Online publication date: 24-Aug-2024
https://doi.org/10.3390/jcp4030029
Shin YKwon HJeong JShin D(2024)A Study on Designing Cyber Training and Cyber Range to Effectively Respond to Cyber ThreatsElectronics10.3390/electronics1319386713:19(3867)Online publication date: 29-Sep-2024
https://doi.org/10.3390/electronics13193867
Pfaller TSkopik FSmith PLeitner M(2024)Towards Customized Cyber Exercises using a Process-based Lifecycle ModelProceedings of the 2024 European Interdisciplinary Cybersecurity Conference10.1145/3655693.3655713(37-45)Online publication date: 5-Jun-2024
https://dl.acm.org/doi/10.1145/3655693.3655713
Spencer MColes-Kemp LHansen R(2024)Navigating the landscape of security modelling: the MORS gridJournal of Cybersecurity10.1093/cybsec/tyae02410:1Online publication date: 14-Nov-2024
https://doi.org/10.1093/cybsec/tyae024
Karagiannis SMagkos EKaravaras EKarnavas ANikiforos MNtantogian C(2024)Towards NICE-by-Design Cybersecurity Learning Environments: A Cyber Range for SOC TeamsJournal of Network and Systems Management10.1007/s10922-024-09816-w32:2Online publication date: 9-Apr-2024
https://dl.acm.org/doi/10.1007/s10922-024-09816-w
Lazarov WStodulka TSchafeitel-Tähtinen THelenius MMartinasek Z(2023)Interactive Environment for Effective Cybersecurity Teaching and LearningProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605007(1-9)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605007
Huff PLeiterman SSpringer JDoyle MStephenson BDorn BSoh LBattestilli L(2023)Cyber ArenaProceedings of the 54th ACM Technical Symposium on Computer Science Education V. 110.1145/3545945.3569828(221-227)Online publication date: 2-Mar-2023
https://dl.acm.org/doi/10.1145/3545945.3569828
Glas MVielberth MPernul G(2023)Train as you Fight: Evaluating Authentic Cybersecurity Training in Cyber RangesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581046(1-19)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581046
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents