Types of Cybersecurity Training in KYPO and Their Visualization
Karolína Dočkalová
Lasaris Seminar PV226, Fall 2021

Motivation
● Insufficient level of people's (professionals or ordinary computer users) skills to prevent or respond to cyber security attacks ->
  ○ Hands-on exercises
  ○ Platform to enable safe execution of unusual and potentially harmful actions
● How to increase the impact of those exercises?
● The platform is ready and improving
● How can we see what is going on?
  ○ Are the exercises even helpful?
  ○ Too difficult or too easy?
  ○ Are the tasks well defined?

What's going on during/after Cybersecurity Training?

KYPO Cyber Range
● Open-source cloud-based simulator of computer networks
● Environment for execution of cyber attacks in sandboxes
● The cyber range enables us to collect player-specific data regarding individual training runs.
● Different types of hands-on exercises
  ○ CDX
  ○ linear or adaptive CtF

CDX, Cyber Defense Exercises
● Unstructured, step-by-step hands-on training
● To enable participants to experience cyber attacks first-hand with real-life limitations
● Intensive, short-term events lasting several days
A need to gather feedback or training overview for the participants (both organizers and players)

Cyber Defense Exercises – Teams

Post Training Feedback for the Blue Team
● the players, defending the prepared network against hackers
● during the exercise, they should have no information regarding what is going on -> real-life conditions
● right after the exercise – an ideal time to give them fast feedback

Feedback for the Blue Team
● Visualizations that

Analysis for CDX Organizers
● Visualizations that show the organizers

CtF, Capture the Flag Games
● Hands-on education-oriented cybersecurity games
● The players fulfill individual tasks and receive or lose points according to their progress
● A tutor is present to oversee the game and help the players

CtF – Feedback for Players
● Simple and straightforward
● Show the players their results in a competition

Post-training tool
● For organizers
● Interactive view of trainee actions
● Further developed

Capture the Flag Games – Commands Processing
● Graph for one individual level of a single player

Post-training Dashboard Across Multiple Instances
● Not just for a single game, but for a whole definition (scenario)
● Statistical views to compare player actions and results
● To help see at a large scale and find patterns or improper parameter settings.

Adaptive Capture the Flag Games
● Consist of several phases, each with tasks of various difficulty
● The game itself determines how well the players perform and adjusts its difficulty individually per player
● Uses a decision matrix to compute the difficulty

Adaptive CtF with pre-training assessment (A), decision component (PD) applying the proposed model, and a post-training questionnaire (Q). This training contains five phases. Each contains one base task (T1) and two variant tasks (T2, T3).

Next Steps
1. Conduct experiments.
   a. Currently, adaptive CtF visualizations and behavioral analysis graphs.
   b. Qualitative evaluations with organizers, field tests at best (if possible...)
2. Publish the results.
3. Refactor/extend the visualizations based on new remarks and evaluation feedback.
4. Repeat.

Any questions?