Cyber ranges are virtual environments used in several contexts to enhance the awareness and preparedness of users to cybersecurity threats. Effectiveness of cyber ranges strongly depends on how much realistic are the training scenarios provided to trainees and on an efficient mechanism to monitor and evaluate trainees’ activities. In the context of the emulation environment of the THREAT-ARREST cyber range platform, in this paper we present a preliminary design of our work in progress towards the definition of a model-driven approach to monitor and evaluate the trainee performance. We enhance the platform emulation environment with an agent-based system that checks trainees’ behavior in order to collect all the trainee’s actions performed while executing a training exercise. Furthermore, we propose a modular taxonomy of the actions that can be exploited for the description of the trainee’s expected behavior in terms of the expected trace, i.e., the sequence of actions that is required for the correct execution of an exercise. We model the expected and actual trainee activities in terms of finite state machines, then we apply an existing algorithm for graph matching to score the trainee performance in terms of graph distance.
Towards the Monitoring and Evaluation of Trainees’ Activities in Cyber Ranges / C. Braghin, S. Cimato, E. Damiani, F. Frati, E. Riccobene, S. Astaneh (LECTURE NOTES IN ARTIFICIAL INTELLIGENCE). - In: Model-driven Simulation and Training Environments for Cybersecurity / [a cura di] G. Hatzivasilis, S. Ioannidis. - [s.l] : Springer, 2020. - ISBN 9783030624323. - pp. 79-91 (( Intervento presentato al 2. convegno MSTEC tenutosi a Guildford nel 2020 [10.1007/978-3-030-62433-0_5].
Towards the Monitoring and Evaluation of Trainees’ Activities in Cyber Ranges
C. Braghin;S. Cimato;E. Damiani;F. Frati;E. Riccobene;S. Astaneh
2020
Abstract
Cyber ranges are virtual environments used in several contexts to enhance the awareness and preparedness of users to cybersecurity threats. Effectiveness of cyber ranges strongly depends on how much realistic are the training scenarios provided to trainees and on an efficient mechanism to monitor and evaluate trainees’ activities. In the context of the emulation environment of the THREAT-ARREST cyber range platform, in this paper we present a preliminary design of our work in progress towards the definition of a model-driven approach to monitor and evaluate the trainee performance. We enhance the platform emulation environment with an agent-based system that checks trainees’ behavior in order to collect all the trainee’s actions performed while executing a training exercise. Furthermore, we propose a modular taxonomy of the actions that can be exploited for the description of the trainee’s expected behavior in terms of the expected trace, i.e., the sequence of actions that is required for the correct execution of an exercise. We model the expected and actual trainee activities in terms of finite state machines, then we apply an existing algorithm for graph matching to score the trainee performance in terms of graph distance.
| File | Dimensione | Formato | |
|---|---|---|---|
|
MSTEC2020.pdf
accesso riservato
Tipologia:
Pre-print (manoscritto inviato all'editore)
Dimensione
697.25 kB
Formato
Adobe PDF
|
697.25 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
|
Braghin2020_Chapter_TowardsTheMonitoringAndEvaluat.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
1.29 MB
Formato
Adobe PDF
|
1.29 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
