Abstract
The lack of guided exercises and practical opportunities to learn about cybersecurity in a practical way makes it difficult for security experts to improve their proficiency. Capture the Flag events and Cyber Ranges are ideal for cybersecurity training. Thereby, the participants usually compete in teams against each other, or have to defend themselves in a specific scenario. As organizers of yearly events, we present a taxonomy for interactive cyber training and education. The proposed taxonomy includes different factors of the technical setup, audience, training environment, and training setup. By the comprehensive taxonomy, different aspects of interactive training are considered. This can help trainings to improve and to be established successfully. The provided taxonomy is extendable and can be used in further application areas as research on new security technologies.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Amorim, J.A., Hendrix, M., Andler, S.F., Gustavsson, P.M.: Gamified training for cyber defence: methods and automated tools for situation and threat assessment. Nato Modelling & Simulation Group (NMSG) Multi-Workshop, MSG-111 (2013)
Amoroso, E.: Fundamentals of Computer Security Technology. Prentice-Hall, Upper Saddle River (1994)
Beuran, R., Pham, C., Tang, D., Chinen, K.I., Tan, Y., Shinoda, Y.: Cybersecurity education and training support system: CyRIS. IEICE Trans. Inf. Syst. E101.D, 740–749 (2018)
Beyer, R.E., Brummel, B.: Implementing effective cyber security training for end users of computer networks. SHRM-SIOP Sci. HR Ser. Promoting Evid.-Based HR 3(10), 2018 (2015)
Bishop, M.: What do we mean by “computer security education"? In: 22nd National Information Systems Security Conference (1999)
CERT Division: CERT Coordination Center - 2002 Annual Report. Technical report,Carnegie Mellon University, Software Engineering Institute (2003)
Chef Software Inc.: Chef (2020). https://www.chef.io. Accessed 28 Aug 2020
CONCORDIA: Courses and Trainings for Professionals (2020). https://www.concordia-h2020.eu/map-courses-cyber-professionals/. Accessed 28 Aug 2020
Davis, A., Leek, T., Zhivich, M., Gwinnup, K., Leonard, W.: The fun and future of CTF. In: 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14) (2014)
Davis, J., Magrath, S.: A survey of cyber ranges and testbeds. Technical report, Defence Science and Technology Organisation Edinburgh (Australia) Cyber and Electronic Warfare Div (2013)
Díez, E.G., Pereira, D.F., Merino, M.A.L., Suárez, H.R., Juan, D.B.: Cyber exercises taxonomy. INCIBE (2015). https://www.incibe.es/extfrontinteco/img/File/intecocert/EstudiosInformes/incibe_cyberexercises_taxonomy.pdf. Accessed 28 Aug 2020
Easttom, C., Butler, W.: A modified McCumber cube as a basis for a taxonomy of cyber attacks. In: 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), pp. 943–949 (2019)
European Cyber Security Organisation: WG5 Paper - Understanding Cyber Ranges: From Hype to Reality. Technical report (2020)
Hansman, S., Hunt, R.: A taxonomy of network and computer attacks. Comput. Secur. 24, 31–43 (2005)
Hembroff, G., Hanson, L., Vanwagner, T., Wambold, S., Wang, X.: The Development of a computer & network security education interactive gaming architecture for high school age students. USENIX J. Educ. Syst. Adm. 25 (2015)
Howard, J.D., Longstaff, T.A.: A Common Language for Computer Security Incidents. Technical repo, Sandia National Laboratories (1998)
(ISC)2: Strategies for Building and Growing Strong Cybersecurity Teams. Cybersecurity Workforce Study (2019). https://www.isc2.org/-/media/ISC2/Research/2019-Cybersecurity-Workforce-Study/ISC2-Cybersecurity-Workforce-Study-2019.ashx. Accessed 28 Aug 2020
ISO/IEC: ISO/IEC 9126. Software engineering - Product quality. ISO/IEC (2001)
ISO/IEC 25010: ISO/IEC 25010:2011, Systems and software engineering - Systems and software Quality Requirements and Evaluation (SQuaRE) - System and software quality models. ISO/IEC (2011)
Jin, G., Tu, M., Kim, T.H., Heffron, J., White, J.: Game based cybersecurity training for high school students. In: Proceedings of the 49th ACM Technical Symposium on Computer Science Education, SIGCSE ’18, pp. 68–73. Association for Computing Machinery, New York (2018)
Jouini, M., Rabai, L.B.A., Aissa, A.B.: Classification of security threats in information systems. In: The 5th International Conference on Ambient Systems, Networks and Technologies (ANT-2014), Procedia Computer Science, vol. 32, pp. 489–496 (2014)
Kick, J.: Cyber Exercise Playbook. MITRE (2014., https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf. Accessed 28 Aug 2020
Kumar, S.: Classification and Detection of Computer Intrusions. Ph.D. thesis, Purdue University, USA (1996)
Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A taxonomy of computer program security flaw. ACM Comput. Surv. 26, 211–254 (1994)
Lehto, M.: Cyber security education and research in the Finland’s Universities and universities of applied sciences. Int. J. Cyber Warfare Terrorism 6, 15–31 (2016)
Lindqvist, U., Jonsson, E.: How to systematically classify computer security intrusions. In: IEEE Symposium Security and Privacy, pp. 154–163 (1997)
Lipson, H.F.: Tracking and tracing cyber-attacks: technical challenges and global policy issues. Software Engineering Institute, CERT CoordinationCenter (2002)
Mirkovic, J., Peterson, P.A.H.: Class capture-the-flag exercises. In: 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14). USENIX Association, San Diego (2014)
Neumann, P.G., Parker, D.B.: A summary of computer misuse techniques. In: 12th National Computer Security Conference, Baltimore, MD, pp. 396–406 (1989)
Newhouse, W., Keith, S., Scribner, B., Witte, G.: National initiative for cybersecurity education (nice) cybersecurity workforce framework. NISTSpecial Publication 800-181 (2017)
Newhouse, W., Keith, S., Scribner, B., Witte, G.: National Initiative for Cybersecurity Education (NICE), Cybersecurity Workforce Framework, NIST Special Publication 800–181. National Institute of Standards and Technology, US Department of Homeland Security, National Initiative for Cybersecurity Careers and Studies (NICCS) (2017)
Paulauskas, N., Garsva, E.: Computer system attack classification. IEEE Autom. Rob. 66, 84–87 (2006)
Pelánek, R.: Applications of the Elo rating system in adaptive educational systems. Comput. Educ. 98, 169–179 (2016)
Priyadarshini, I.: Features and Architecture of The Modern Cyber Range: A Qualitative Analysis and Survey. Ph.D. thesis, University of Delaware (2018)
Puppet Inc: puppet (2020). https://www.puppet.com. Accessed 28 Aug 2020
Rajamäki, J., Nevmerzhitskaya, J., Virág, C.: Cybersecurity education and training in hospitals: Proactive resilience educational framework (Prosilience EF). In: 2018 IEEE Global Engineering Education Conference (EDUCON), pp. 2042–2046. IEEE (2018)
Red Hat Inc: Red Hat Ansible (2020). https://www.ansible.com. Accessed 28 Aug 2020
SaltStack Inc: Saltstack (2020). https://www.saltstack.com. Accessed 28 Aug 2020
Simmons, C., Ellis, C., Shiva, S., Dasgupta, D., Wu, Q.: AVOIDIT: a cyber attack taxonomy. In: 9th Annual Symposium on Information Assurance (ASIA’14), pp. 2–12 (2014)
Souissi, S.: A novel response-oriented attack classification. In: 2015 International Conference on Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS), pp. 1–6 (2015)
Steinberger, J., Sperotto, A., Golling, M., Baier, H.: How to exchange security events? Overview and evaluation of formats and protocols. In: Badonnel, R., Xiao, J., Ata, S., Turck, F.D., Groza, V., dos Santos, C.R.P. (eds.) IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, pp. 261–269. IEEE (2015)
Subaşu, G., Roşu, L., Bădoi, I.: Modeling and simulation architecture for training in cyber defence education. In: 2017 9th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), pp. 1–4 (2017)
Švábenský, V., Vykopal, J., Cermak, M., Laštovička, M.: Enhancing cybersecurity skills by creating serious games. In: Proceedings of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education, ITiCSE 2018, pp. 194–199. Association for Computing Machinery, New York (2018)
Taylor, C., Arias, P., Klopchic, J., Matarazzo, C., Dube, E.: CTF: state-of-the-art and building the next generation. In: 2017 USENIX Workshop on Advances in Security Education (ASE 17). USENIX Association, Vancouver (2017)
Urias, V.E., Van Leeuwen, B., Stout, W.M.S., Lin, H.W.: Dynamic cybersecurity training environments for an evolving cyber workforce. In: 2017 IEEE International Symposium on Technologies for Homeland Security (HST), pp. 1–6 (2017)
US Department of Defense: The Department of Defense Cyber Table Top Guidebook (2018). https://www.dau.edu/cop/test/DAU Sponsored Documents/The DoD Cyber Table Top Guidebook v1.pdf. Accessed 28 ug 2020
Valús̆ek, M.: Classification of Network Attacks and Detection Methods. Technical report, Masaryk University, Czech Republic (2016)
Vykopal, J., Os̆lejs̆ek, R., Celeda, P., Vizváry, M., Tovarn̆ák, D.: KYPO cyber range: design and use cases. In: Proceedings of the 12th International Conference on Software Technologies, ICSOFT, vol. 1, pp. 310–321 (2017)
Vykopal, J., Vizváry, M., Os̆lejs̆ek, R., Celeda, P., Tovarn̆ák, D.: Lessons learned from complex hands-on defence exercises in a cyber range. In: 2017 IEEE Frontiers in Education Conference (FIE), pp. 1–8. IEEE (2017)
Wright, A.C.: Orange is the new purple. Blackhat conference presentation (2017). https://www.blackhat.com/docs/us-17/wednesday/us-17-Wright-Orange-Is-The-New-Purple-wp.pdf. Accessed 28 Aug 2020
Wu, Z., Ou, Y., Liu, Y.: A taxonomy of network and computer attacks based on responses. In: 2011 International Conference of Information Technology, Computer Engineering and Management Sciences, vol. 1, pp. 26–29 (2011)
Yamin, M.M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: scenarios, functions, tools architecture. Comput. Secur. 88, 101636 (2020)
Yurcik, W., Doss, D.: Different approaches in the teaching of information systems security. In: Proceedings of the Information Systems Education Conference, pp. 32–33 (2001)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Knüpfer, M. et al. (2020). Cyber Taxi: A Taxonomy of Interactive Cyber Training and Education Systems. In: Hatzivasilis, G., Ioannidis, S. (eds) Model-driven Simulation and Training Environments for Cybersecurity. MSTEC 2020. Lecture Notes in Computer Science(), vol 12512. Springer, Cham. https://doi.org/10.1007/978-3-030-62433-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-62433-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62432-3
Online ISBN: 978-3-030-62433-0
eBook Packages: Computer ScienceComputer Science (R0)