Abstract
Security Operations Centers (SOCs) provide a holistic view of a company’s security operations. While aiming to harness this potential, companies lack sufficiently skilled cybersecurity analysts. One approach to meet this demand is to create a cyber range that equips potential analysts with the required skills. The digital twin paradigm offers great benefit here by providing a realistic virtual environment on which a cyber range can be built. However, to the best of our knowledge, tapping this potential to train SOC analysts has not been attempted yet. To address this research gap, a concept of a digital twin-based cyber range for SOC analysts is proposed and implemented. As part of the virtual training environment, several attacks against an industrial system are simulated. Provided with a SIEM system that displays the real-time log data, the trainees solve increasingly complex tasks in which they have to detect the attacks performed against the system. Thereby, they learn how to interact with a SIEM system and how to create rules that correlate events in order to detect security incidents. To evaluate the implemented cyber range, a comprehensive user study demonstrates a significant increase in knowledge of SIEM-related topics among the participants. Additionally, it indicates that the participants subjectively perceived the cyber range as a positive learning experience.
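The abstract describes trainees writing SIEM rules that correlate events to detect an incident. The following is an added illustration of what such a correlation rule looks like in code; it is not the paper's cyber range, SIEM or rule set. The log lines, the field names (`src`, `user`, `action`, `result`), the rule name and the threshold and window values are all constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a simple key=value format (not from the paper).
SAMPLE_LOGS = [
    "2021-05-01T10:00:01 src=10.0.0.5 user=operator action=login result=failure",
    "2021-05-01T10:00:04 src=10.0.0.5 user=operator action=login result=failure",
    "2021-05-01T10:00:07 src=10.0.0.5 user=operator action=login result=failure",
    "2021-05-01T10:00:09 src=10.0.0.5 user=operator action=login result=success",
    "2021-05-01T10:00:15 src=10.0.0.7 user=admin action=login result=failure",
    "2021-05-01T10:05:00 src=10.0.0.7 user=admin action=login result=success",
]


def parse_event(line):
    """Turn one 'timestamp key=value ...' log line into a dict with a datetime ts."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


class FailedThenSuccessRule:
    """Correlation rule (hypothetical): at least `threshold` failed logins from one
    source within `window`, followed by a successful login from that source,
    raises a single alert. Single events never trigger it; only the sequence does."""

    def __init__(self, threshold=3, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        # per-source sliding window of recent failure timestamps
        self.failures = defaultdict(deque)

    def process(self, event):
        if event.get("action") != "login":
            return None
        src = event["src"]
        recent = self.failures[src]
        # Expire failures that fall outside the correlation window.
        while recent and event["ts"] - recent[0] > self.window:
            recent.popleft()
        if event["result"] == "failure":
            recent.append(event["ts"])
            return None
        if event["result"] == "success" and len(recent) >= self.threshold:
            alert = {
                "rule": "failed_logins_then_success",
                "src": src,
                "user": event["user"],
                "failures": len(recent),
                "ts": event["ts"].isoformat(),
            }
            recent.clear()  # avoid re-alerting on the same burst
            return alert
        return None


def run_rule(lines, rule=None):
    """Stream log lines through the rule and collect the alerts it raises."""
    rule = rule or FailedThenSuccessRule()
    alerts = []
    for line in lines:
        alert = rule.process(parse_event(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run_rule(SAMPLE_LOGS):
        print(alert)
```

The point the example makes is the one the abstract attributes to the training: none of the individual lines is suspicious on its own, and the alert only emerges from correlating several events in time and by source. The second source (10.0.0.7) has a failure followed by a success, but outside the window and below the threshold, so the rule stays quiet.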
Notes
- 11. The SPSS output of the t-test can be found in Fig. 7 in the appendix.
References
Barzilai, S., Blau, I.: Scaffolding game-based learning: impact on learning achievements, perceived learning, and game experiences. Comput. Educ. 70, 65–79 (2014)
Bissell, K., Lasalle, R., Dal Cin, P.: Third annual state of cyber resilience report. Accenture (2020)
Boschert, S., Heinrich, C., Rosen, R.: Next generation digital twin. In: Proceedings of the 12th International Symposium on Tools and Methods of Competitive Engineering, TMCE 2018, pp. 209–217 (2018)
Bécue, A., et al.: CyberFactory1 – securing the industry 4.0 with cyber-ranges and digital twins. In: 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS), pp. 1–4 (2018)
Caspi, A., Blau, I.: Social presence in online discussion groups: testing three conceptions and their relations to perceived learning. Soc. Psychol. Educ. 11(3), 323–346 (2008). https://doi.org/10.1007/s11218-008-9054-2
Dietz, M., Pernul, G.: Digital twin: empowering enterprises towards a system-of-systems approach. Bus. Inf. Syst. Eng. 62(2), 179–184 (2019). https://doi.org/10.1007/s12599-019-00624-0
Dietz, M., Pernul, G.: Unleashing the digital twin’s potential for ICS security. IEEE Secur. Priv. 18(4), 20–27 (2020)
Dietz, M., Vielberth, M., Pernul, G.: Integrating digital twin security simulations in the security operations center. In: Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020. ACM, New York (2020)
Eckhart, M., Ekelhart, A.: A specification-based state replication approach for digital twins. In: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, CPS-SPC 2018, pp. 36–47. ACM, New York (2018)
Eckhart, M., Ekelhart, A.: Towards security-aware virtual environments for digital twins. In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security (CPSS 2018), pp. 61–72 (2018)
Eckhart, M., Ekelhart, A.: Digital twins for cyber-physical systems security: state of the art and outlook. In: Security and Quality in Cyber-Physical Systems Engineering, pp. 383–412. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25312-7_14
Empl, P., Pernul, G.: A flexible security analytics service for the industrial IoT. In: Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, pp. 23–32. ACM, New York (2021)
Gehrmann, C., Gunnarsson, M.: A digital twin based industrial automation and control system security architecture. IEEE Trans. Ind. Inf. 16, 669–680 (2020)
Giannakas, F., Papasalouros, A., Kambourakis, G., Gritzalis, S.: A comprehensive cybersecurity learning platform for elementary education. Inf. Secur. J. 28(3), 81–106 (2019)
Girard, C., Ecalle, J., Magnan, A.: Serious games as new educational tools: how effective are they? A meta-analysis of recent studies. J. Comput. Assist. Learn. 29(3), 207–219 (2013)
Hauge, J.B., et al.: Study design and data gathering guide for serious games’ evaluation. In: Tennyson, R., Connolly, T.M., Hainey, T., Boyle, E., Baxter, G., Moreno-Ger, P. (eds.) Psychology, Pedagogy, and Assessment in Serious Games. Advances in Game-Based Learning, pp. 394–419. IGI Global (2014)
Kavallieratos, G., Katsikas, S.K., Gkioulos, V.: Towards a cyber-physical range. In: Proceedings of the 5th on Cyber-Physical System Security Workshop - CPSS 2019, pp. 25–34. ACM Press, New York (2019)
Keller, J.M.: Development and use of the ARCS model of instructional design. J. Instr. Dev. 10(3), 2–10 (1987). https://doi.org/10.1007/BF02905780
Kelley, D., Moritz, R.: Best practices for building a security operations center. Inf. Syst. Secur. 14(6), 27–32 (2006)
Leitner, M., et al.: AIT cyber range: flexible cyber security environment for exercises, training and research. In: Proceedings of the European Interdisciplinary Cybersecurity Conference, pp. 1–6 (2020)
Madani, A., Rezayi, S., Gharaee, H.: Log management comprehensive architecture in Security Operation Center (SOC). In: 2011 International Conference on Computational Aspects of Social Networks (CASoN), pp. 284–289. IEEE (2011)
Negri, E., Fumagalli, L., Macchi, M.: A review of the roles of digital twin in CPS-based production systems. Procedia Manuf. 11, 939–948 (2017)
Pescatore, J., Filkins, B.: Closing the critical skills gap for modern and effective security operations centers (SOCs). SANS Institute (2020)
Pokhrel, A., Katta, V., Colomo-Palacios, R.: Digital twin for cybersecurity incident prediction: a multivocal literature review. In: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops, ICSEW 2020, pp. 671–678. ACM, New York (2020)
Putz, B., Dietz, M., Empl, P., Pernul, G.: EtherTwin: blockchain-based secure digital twin information management. Inf. Process. Manag. 58(1), 102425 (2021)
Rubio, J.E., Roman, R., Lopez, J.: Analysis of cybersecurity threats in industry 4.0: the case of intrusion detection. In: D’Agostino, G., Scala, A. (eds.) Critical Information Infrastructures Security. LNCS, vol. 10707, pp. 119–130. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99843-5_11
Schinagl, S., Schoon, K., Paans, R.: A framework for designing a security operations centre (SOC). In: 2015 48th Hawaii International Conference on System Sciences, pp. 2253–2262. IEEE (2015)
Tian, Z., et al.: A real-time correlation of host-level events in cyber range service for smart campus. IEEE Access 6, 35355–35364 (2018)
Ukwandu, E., et al.: A review of cyber-ranges and test-beds: current and future trends. Sensors 20(24), 7148 (2020)
Vielberth, M., Böhm, F., Fichtinger, I., Pernul, G.: Security operations center: a systematic study and open challenges. IEEE Access 8, 227756–227779 (2020)
Vielberth, M., Pernul, G.: A security information and event management pattern. In: 12th Latin American Conference on Pattern Languages of Programs (SugarLoafPLoP 2018), pp. 1–12. The Hillside Group (2018)
Yamin, M.M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: scenarios, functions, tools and architecture. Comput. Secur. 88, 101636 (2020)
© 2021 IFIP International Federation for Information Processing
Cite this paper
Vielberth, M., Glas, M., Dietz, M., Karagiannis, S., Magkos, E., Pernul, G. (2021). A Digital Twin-Based Cyber Range for SOC Analysts. In: Barker, K., Ghazinour, K. (eds) Data and Applications Security and Privacy XXXV. DBSec 2021. Lecture Notes in Computer Science, vol 12840. Springer, Cham. https://doi.org/10.1007/978-3-030-81242-3_17
DOI: https://doi.org/10.1007/978-3-030-81242-3_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81241-6
Online ISBN: 978-3-030-81242-3
eBook Packages: Computer Science, Computer Science (R0)