Skip to main content

Advertisement

SpringerLink
Log in

Scenario-based cyber attack·defense education system on virtual machines integrated by web technologies for protection of multimedia contents in a network

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Security issues have been raised with the tremendous growth of social multimedia content evolving content distribution and social interaction. To protect the social multimedia contents in a network, information security education has been actively studied, and various educational systems are being provided. Even when trainees have completed the training that they can practice, such as DDoS(Distributed Denial of Services) response and database outbreak attack, most of the education methods are based on the theory or advance notification method designed as part of the scenario beforehand and it is difficult to apply these to actual situations. In addition, building new systems and learning to use them for each scenario lowers the training effectiveness.

In this paper, we investigate various cases of cyber incident in the content distribution networks. Based on research, we develop Meltdown, Mirai malware, Carbanak APT(Advanced Persistent Threats), and Ransomware scenarios that assume a real multimedia contents distribution situation. We also build and store individual virtual environments for each scenario, integrating them into VMWare ESXI, so that attack and defense practices can be conducted similar to real world networks. The deployed environment is integrated with the Web through the VM API(Virtual Machine Application Programming Interfaces). When the trainee finishes the training, one utilizes the snapshot function of the virtual machine to return the virtual environment to the pre-training state. Trainees do not need to build a virtual environment for each scenario, but they are able to conduct training in an environment similar to a real network by calling a virtual environment with a simple operation from a web browser. Therefore, it is expected that the convenience of trainees and the efficiency of the education will be increased.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

References

  1. Abdelaal MA, Ebrahim GA, Anis WR (2019) A scalable network-aware virtual machine allocation strategy in multi-datacentre cloud computing environments. International Journal of Cloud Computing 8. https://doi.org/10.1504/IJCC.2019.101329

  2. Ahnlab-ASEC (2017) ASECREPORT, 87: 12–30

  3. Arduin PE (2018) The three categories of insider threats. John Wiley & Sons, Inc. 10: 59–67 doi: 10.1002/9781119419785.ch3

  4. Bulusu S, Laborde R, Wazan AS, Barrère F, Benzekri A (2017) Describing advanced persistent threats using a multi-agent system approach. 2017 1st cyber security in networking conference (CSNet): 1-3 doi: 10.1109/CSNET.2017.8241997

  5. Czejdo BD, Baszun M (2010) Remote patient monitoring system and a medical social network. International Journal of Social and Humanistic Computing (IJSHC) 1(3):273–281. https://doi.org/10.1504/IJSHC.2010.032688

    Article  Google Scholar 

  6. Du W (2011) SEED: hands-on lab exercises for computer security education. IEEE Security & Privacy Magazine 9(5):70–73. https://doi.org/10.1109/msp.2011.139

    Article  Google Scholar 

  7. Eom J (2015) The improvement plan of a customized cyber-training structure for enhancing the capability of cyber security. Journal of Security Engineering 12(6):567–580. https://doi.org/10.14257/jse.2015.12.05

    Article  Google Scholar 

  8. Evans SC (2008) Securing WebGoat using ModSecurity. OWASP Foundation

  9. Garg S, Kaur K, Kumar N, Rodrigues J (2019) Hybrid deep-learning-based anomaly detection scheme for suspicious flow detection in SDN: a social multimedia perspective. IEEE Transactions on Multimedia 21:566–578. https://doi.org/10.1109/TMM.2019.2893549

    Article  Google Scholar 

  10. Hack.me. The house of rising sandbox, https://hack.me

  11. HackerSchool. http://hackerschool.org

  12. Hallman R, Bryan J, Palavicini G, Divita J, Romero-Mariona J (2017) IoDDoS — the internet of distributed denial of Sevice attacks - a case study of the Mirai malware and IoT-based botnets. Proceedings of the 2nd international conference on internet of things, big data, and security. doi:10.5220/0006246600470058

  13. Hwang G, Rim M, Song K, Lee J (2014) Future education skills needs analysis through patent analysis in the field of information security. The Korean Operations and Management Science Society 31:1–13. https://doi.org/10.7737/kmsr.2014.31.4.001

    Article  Google Scholar 

  14. Kshetri N (2016) Big Data's big potential in developing economies: impact on agriculture. Health, and Environmental Security:1–29. https://doi.org/10.1079/9781780648682.0001

  15. Li Q, Li S, Xu B, Liu Y (2019) Intrusion detection in distributed frequency control of isolated microgrids. IEEE Access 7:16066–16077. https://doi.org/10.1109/ACCESS.2019.2932020

    Article  Google Scholar 

  16. Li P, Yang X (2019) On dynamic recovery of cloud storage system under advanced persistent threats. IEEE Access 7:102556–103569. https://doi.org/10.1109/ACCESS.2019.2932020

    Article  Google Scholar 

  17. Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Fogh A, Horn J, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown: Reading Kernel Memory from User Space. 27th USENIX Security Symposium (USENIX Security 18): 973–990

  18. McDuffie EL, Piotrowski VP (2014) The future of Cybersecurity education. IEEE Computer 47(8):67–69. https://doi.org/10.1109/MC.2014.224

    Article  Google Scholar 

  19. McGettrick A (2013) Toward effective Cybersecurity education. IEEE Security & Privacy 11(6):66–68. https://doi.org/10.1109/MSP.2013.155

    Article  Google Scholar 

  20. OWASP Broken Web Applications Project, https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project#tab=Main

  21. Pathak PB (2016) A dangerous trend of cybercrime: Ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) 5(2):371–373

    Google Scholar 

  22. Roy SD, Lotan G, Zeng W (2013) Social multimedia signals: sense, process, and put them to work. IEEE Multimedia 20:7–13. https://doi.org/10.1109/MMUL.2013.9

    Article  Google Scholar 

  23. Tian Y, Srivastava J, Huang T, Contractor N (2010) Social multimedia computing. Computer 43:27–36. https://doi.org/10.1109/MC.2010.188

    Article  Google Scholar 

  24. VMware-Official Site: https://www.vmware.com/

  25. Webhacking.kr. Oldzombie, http://webhacking.kr/

Download references

Acknowledgements

This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2018R1D1A1B07047395).

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Sejong University, 98 Gunja-Dong, Gwangjin-Gu, Seoul, 143-747, South Korea

    Seongkyu Yeom, Dongil Shin & Dongkyoo Shin

Authors
  1. Seongkyu Yeom
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dongil Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dongkyoo Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dongkyoo Shin.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Yeom, S., Shin, D. & Shin, D. Scenario-based cyber attack·defense education system on virtual machines integrated by web technologies for protection of multimedia contents in a network. Multimed Tools Appl 80, 34085–34101 (2021). https://doi.org/10.1007/s11042-019-08583-0

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-019-08583-0

Keywords

Search

Navigation