Abstract
Security issues have been raised with the tremendous growth of social multimedia content and the evolution of content distribution and social interaction. To protect social multimedia content in a network, information security education has been actively studied, and various educational systems are being provided. Even when trainees have completed hands-on training, such as DDoS (Distributed Denial of Service) response and database outbreak attacks, most education methods are based on theory or on an advance-notification method designed beforehand as part of the scenario, and it is difficult to apply them to actual situations. In addition, building new systems and learning to use them for each scenario lowers training effectiveness.
In this paper, we investigate various cases of cyber incidents in content distribution networks. Based on this research, we develop Meltdown, Mirai malware, Carbanak APT (Advanced Persistent Threat), and ransomware scenarios that assume a real multimedia content distribution situation. We also build and store an individual virtual environment for each scenario, integrating them into VMware ESXi, so that attack and defense practice can be conducted as in real-world networks. The deployed environment is integrated with the Web through the VM API (Virtual Machine Application Programming Interface). When a trainee finishes the training, the snapshot function of the virtual machine is used to return the virtual environment to its pre-training state. Trainees do not need to build a virtual environment for each scenario; they can train in an environment similar to a real network by calling up a virtual environment with a simple operation from a web browser. Therefore, the convenience of trainees and the efficiency of the education are expected to increase.
Acknowledgements
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2018R1D1A1B07047395).
Cite this article
Yeom, S., Shin, D. & Shin, D. Scenario-based cyber attack·defense education system on virtual machines integrated by web technologies for protection of multimedia contents in a network. Multimed Tools Appl 80, 34085–34101 (2021). https://doi.org/10.1007/s11042-019-08583-0
DOI: https://doi.org/10.1007/s11042-019-08583-0