DOI: 10.1145/3440943.3444738
research-article
Open access

CERT Training Platform over the Event-Recordable Container

Published: 27 September 2021

Abstract

The current COVID-19 pandemic has brought many changes to the IT systems and services of institutions and has heightened concerns about a potential increase in intrusion incidents, especially now that most institutional work is performed at home. Pre-training against intrusion incidents has therefore become essential. Unfortunately, the learning methods in existing studies are insufficient for the present demand because they were originally designed for environments tailored to learners rather than for actual environments. This paper proposes a training system, namely, computer emergency response team (CERT), that can be designed specifically for learners in an institution and provides intrusion-incident cases through a Web-based training system. CERT can easily replicate a service or system of an institution into a honeypot environment and automatically collect and classify intrusion incidents using diverse evaluation criteria, so that learning can be achieved from different perspectives. Hence, the service and system operated by the institution can easily be replicated. Artifacts of intrusion incidents are collected using Docker container technology and an event-recordable container, and are analyzed in a Web browser without installing a separate program. Thus, optimal learning results from the analysis of actual attacks are expected.


Published In

ACM ICEA '20: Proceedings of the 2020 ACM International Conference on Intelligent Computing and its Emerging Applications
December 2020
219 pages
ISBN: 9781450383042
DOI: 10.1145/3440943
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Digital Forensics
  2. Event-Recordable Container
  3. Training Platform

Qualifiers

  • Research-article
  • Research
  • Refereed limited
