Towards a Unified Data Storage and Generic Visualizations in Cyber Ranges

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F17%3A00094475" target="_blank" >RIV/00216224:14330/17:00094475 - isvavai.cz</a>

Výsledek na webu

—

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Towards a Unified Data Storage and Generic Visualizations in Cyber Ranges

Popis výsledku v původním jazyce

Cyber ranges enable security experts to emulate computer networks where they can perform cyber security exercises and experiments. Although their architecture may differ, the following four types of services are usually provided: (a) Resource management, i.e. the allocation of network infrastructure with requested topology and running applications. (b) Interaction of users with hosts, i.e. allowing users to log into hosts and run applications in the same way they interact in real computer networks. (c) Monitoring services, when network activities are monitored on the fly and measured data are stored and mediated to end users on demand. (d) Learning and understanding of cyber security processes by providing users with a continuous overview of events and developments by means of analytic tools, interactive visualizations, and other enhanced user interfaces. This paper deals with (c) and (d) service types. The low-level infrastructure of modern cyber ranges is usually generic, enabling to instantiate topologies and hosts of many types and then to support end user with variable objectives and tasks. However, this diversity of objectives put big demands on the design of a monitoring subsystem and corresponding user interfaces providing insight into the measured data and cyber security processes. It is because the monitored data and their manipulation strategies may differ scenario to scenario. This paper discusses a generic approach to data storage using traditional entity-relationship databases. Our approach exploits data analysis patterns enabling us to define scenario-specific security phenomena without modifying rational scheme or other parts of the cyber range architecture. A flexible web-based system of user interfaces adaptable to the variable data is discussed as well. Our approach has been developed as part of a KYPO Cyber Range. Its usability has been evaluated within many diverse successfully performed cyber exercises. This paper presents several types of exercises that differ in required phenomena and interactions and then sufficiently demonstrate generality and usability of our approach.

Název v anglickém jazyce

Towards a Unified Data Storage and Generic Visualizations in Cyber Ranges

Popis výsledku anglicky

Cyber ranges enable security experts to emulate computer networks where they can perform cyber security exercises and experiments. Although their architecture may differ, the following four types of services are usually provided: (a) Resource management, i.e. the allocation of network infrastructure with requested topology and running applications. (b) Interaction of users with hosts, i.e. allowing users to log into hosts and run applications in the same way they interact in real computer networks. (c) Monitoring services, when network activities are monitored on the fly and measured data are stored and mediated to end users on demand. (d) Learning and understanding of cyber security processes by providing users with a continuous overview of events and developments by means of analytic tools, interactive visualizations, and other enhanced user interfaces. This paper deals with (c) and (d) service types. The low-level infrastructure of modern cyber ranges is usually generic, enabling to instantiate topologies and hosts of many types and then to support end user with variable objectives and tasks. However, this diversity of objectives put big demands on the design of a monitoring subsystem and corresponding user interfaces providing insight into the measured data and cyber security processes. It is because the monitored data and their manipulation strategies may differ scenario to scenario. This paper discusses a generic approach to data storage using traditional entity-relationship databases. Our approach exploits data analysis patterns enabling us to define scenario-specific security phenomena without modifying rational scheme or other parts of the cyber range architecture. A flexible web-based system of user interfaces adaptable to the variable data is discussed as well. Our approach has been developed as part of a KYPO Cyber Range. Its usability has been evaluated within many diverse successfully performed cyber exercises. This paper presents several types of exercises that differ in required phenomena and interactions and then sufficiently demonstrate generality and usability of our approach.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VI20162019014" target="_blank" >VI20162019014: Simulace, detekce a potlačení kybernetických hrozeb ohrožujících kritickou infrastrukturu</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach<br>I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2017

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 16th European Conference on Cyber Warfare and Security ECCWS 2017

ISBN

9781911218432

ISSN

2048-8602

e-ISSN

—

Počet stran výsledku

9

Strana od-do

298-306

Název nakladatele

Academic Conferences and Publishing International Limited

Místo vydání

UK

Místo konání akce

Dublin

Datum konání akce

1. 1. 2017

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—