evaluation of cyber defense exercises using visual
play

Evaluation of Cyber Defense Exercises Using Visual Analytics Process - PowerPoint PPT Presentation

Mar 17, 2024 •395 likes •538 views

Evaluation of Cyber Defense Exercises Using Visual Analytics Process Radek Olejek, Jan Vykopal, Karolna Bursk , and Vt Rusk IEEE Frontier in Education Conference, San Jose, USA, 2018 1 KYPO Cyber Range Cloud-based simulator

  1. Evaluation of Cyber Defense Exercises Using Visual Analytics Process Radek Ošlejšek, Jan Vykopal, Karolína Burská , and Vít Rusňák IEEE Frontier in Education Conference, San Jose, USA, 2018 1

  2. KYPO Cyber Range Cloud-based “simulator” of computer networks So powerful that we can organize cyber defense exercises, CDXs Extreme use case – Comprehensive training for IT professionals – Realism, difficulty (2 days), work under stress, ... – Protection of complex critical infrastructure by Blue teams – Escalated attacks of a Red team – … but the preparation and organization is a nightmare :-( IEEE Frontier in Education Conference, San Jose, USA, 2018 2

  3. Cyber Defense Exercises – Current Problems New scenarios are designed from scratch No transfer of knowledge and experience between (changing) – organizers The lack of situational awareness Monitoring the infrastructure, providing insight, ... – The lack of analytical tools Evaluation of scenarios, improving their impact on learners – Reason: too many involved people, non-formalized processes, changing data, – unclear objectives => a lot of ad-hoc preparation and manual work . IEEE Frontier in Education Conference, San Jose, USA, 2018 3

  4. L e a o r b n j i e n IEEE Frontier in Education Conference, San Jose, USA, 2018 Green T Cyber Defense Exercises – Life Cycle c g Blue T White T t Red T i a v n B e Check Do Plan Adjust s d a c t k r a g eams eam i r n o eam eam i u n n g d s t o r y A. Preparation S c e i n n j a e r c i t o s t a s k s a n d S c e d n e a t r a i i o l s t e c h n i c S a c l o r i n g d e s i S g a n n months d b o x d H e p a l c o k y a m t h e o n n t S c e t n w a e r a i o k i n a n g d s a n d S b a o n x d b o x d e p l o y m e D n r t y r u n e x e c u F e t i e o d n b a c k i n B. Dry run c o r p a week o F r a a m t i i o l i n a r i z a t i o n p e r i o A d c t u a C. Execution l e x e r c i H s e o e t v w days a a l u s h a u t i p o n W o t r e k a s m h o s p f o r B l I u n e t e l e r n a D. Evaluation r a n l e l e d weeks s s o n s 4

  5. Our Goal To clarify data, processes, and requirements ● Systematically support organizers in their tasks by means of ● interactive visualizations integrated into the cyber range IEEE Frontier in Education Conference, San Jose, USA, 2018 5

  6. Approach: Using a Visual Analytics Process Knowledge generation model by Sacha et al. Hypothesis-driven model extending the model of Keim et al. (the – computer part) with hierarchically connected human loops Classification of IEEE Frontier in Education Conference, San Jose, USA, 2018 6

  7. Analytical Goals (Classification of Hypotheses) G1: Evaluation of exercise and its parameters To make an exercise useful and to keep learners motivated to finish it. – Hypotheses related to scenario difficulty, learners’ confidence and – satisfaction, learners’ skills, and other qualitative aspects G2: Behavioral analysis of learners To reveal relevant facts about the motivation of learners, learning – impact, their level of knowledge, etc. Hypothesis related to the study of the behavior of learners during an – exercise. G3: Runtime situational awareness We can consider situational awareness as a process of making simple – runtime hypotheses in the users’ mind. IEEE Frontier in Education Conference, San Jose, USA, 2018 7

  8. Classification of Data Scenario-specific data Configuration data defined by organizers usually in the preparation – phase Division of learners to teams, network topology, penalties, ... – Exercise runtime data A system-generated data gathered and stored during the execution – phase of an exercise. Obtained penalty points by individual teams, ... – Evaluation data User-generated data providing qualitative information – Post-exercise surveys, online feedback data, notes of organizers, ... – IEEE Frontier in Education Conference, San Jose, USA, 2018 8

  9. Classification of Visualizations Exercise infrastructure view Monitoring of services and infrastructure (G3 – situational awareness – and G2 – behavioral analysis). Visual insight into the exercise progression Primary visualizations for G3 – situational awareness. Moreover, online – validation of exercise parameters (G1 – exercise evaluation) Interactive feedback visualizations Interactive = learners provides comments, ranks events, etc. This data – is used by organizers to reveal inappropriate exercise parameters (G1 – exercise evaluation) and to collect behavioral data (G2 – behavioral analysis) IEEE Frontier in Education Conference, San Jose, USA, 2018 9

  10. Model Can be as simple as descriptive statistics or as complex as a ● data mining algorithms Statistical models are used extensively for CDX ● Utilization of advanced models is exceptional and ad-hoc just ● because of missing conceptual solution to repeated analytical tasks IEEE Frontier in Education Conference, San Jose, USA, 2018 10

  11. Case Study Hypothesis: ● The participants improve their skills – Data ● Data from scoring and auditing systems – Pre- and post-exercise questionnaires – Model ● Descriptive statistics – Visualizations ● Feedback visualization – Statistical visualizations – IEEE Frontier in Education Conference, San Jose, USA, 2018 11

  12. Exploration Loop: Actions and Findings For the hypothesis “The participants improve their skills” Actions: Organizers: Data definition, configuration of data sources (sub- – systems) and dashboards (visualizations), evaluation Learners: Filling questionnaires, interaction with the cyber range and – the feedback visualization Findings: Majority of the learners confirmed they learned new skills or re-shaped – existing ones. Some learners did not learn anything new. – Some others admitted the lack of necessary skills. – IEEE Frontier in Education Conference, San Jose, USA, 2018 12

  13. Insight and Knowledge For the hypothesis “The participants improve their skills” Insight: Fairly confirmed. Individual learners would be affected by their skills – and skills of teammates . A novel ways of prerequisite testing are desired. New hypotheses hypotheses have been derived: – The difficulty of the exercise was adequate for learners ● Learners form well-balanced teams ● Knowledge: Knowledge is a “justified insight”. In our case study, it is necessary to – repeat the exercise so that we get data of more participants IEEE Frontier in Education Conference, San Jose, USA, 2018 13

  14. Conclusion We proved the applicability of VA process on complex cyber ● defense exercises We proposed a basic classification for hypotheses, data, ● models, and visualizations and their mapping to CDX life cycle Applying the VA process to the organization of cyber defense ● exercise enabled us to Rethink the organizational and analytical processes in the – hypothesis-driven way Identify current limits in the automation and systematic support of – important processes in our cyber range Structure our know-how so that it would be possible to build a – formalized knowledge and share it across organizers IEEE Frontier in Education Conference, San Jose, USA, 2018 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can we run large cyber security exercises once a week? 2 Stepping back Looking at the configuration management problem, e.g., the gap

749 views • 20 slides
TeamDefend TeamDefend Organizational and Inter-Organizational Cyber Defense Training S C I E N

TeamDefend TeamDefend Organizational and Inter-Organizational Cyber Defense Training S C I E N

TeamDefend TeamDefend Organizational and Inter-Organizational Cyber Defense Training S C I E N C E A P P L I C A T I O N S I N T E R N A T I O N A L C O R P O R A T I O N Agenda Agenda Background on Cyber Exercises Introduction

428 views • 15 slides
What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20

What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20

What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20 2007 FIRST Annual Technical Conference Sevilla, Espaa Overview Background Purpose of exercises Examples of what we can

351 views • 23 slides
KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational Tasks Including War Gaming, Logistics, Cyber Defence (MSG- 133 ), Munich, Germany 15 th October, 2015 Pavel ELEDA, Jakub EGAN Jan VYKOPAL,

644 views • 19 slides
Defence Exercises in a Cyber Range Frontiers in Education 2017 October 21, 2017 Jan Vykopal

Defence Exercises in a Cyber Range Frontiers in Education 2017 October 21, 2017 Jan Vykopal

Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range Frontiers in Education 2017 October 21, 2017 Jan Vykopal Masaryk University, Brno Who am I? Post-doc researcher with KYPO academic cloud-based cyber range.

451 views • 16 slides
US Army War College Fellowship Cyber Defense/Offense Dr. Bill Young Department of Computer

US Army War College Fellowship Cyber Defense/Offense Dr. Bill Young Department of Computer

US Army War College Fellowship Cyber Defense/Offense Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: February 27, 2013 at 11:16 Dr. Bill Young: 1 Cyber Defense/Offense Some Sources Jeffrey Carr,

936 views • 60 slides
Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Daniele

Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Daniele

PhD Thesis Defense 2019 @ SUTD Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems Daniele Antonioli Singapore University of Technology and Design (SUTD) Daniele Antonioli Design, Implementation, and Evaluation

1.12k views • 77 slides
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system

728 views • 27 slides
Submarine Design Test & Evaluation: Challenging Cyber-Provenance & Cyber Sidecars

Submarine Design Test & Evaluation: Challenging Cyber-Provenance & Cyber Sidecars

Submarine Design Test & Evaluation: Challenging Cyber-Provenance & Cyber Sidecars Capability Systems Centre, School of Engineering and Information Technology Dr Keith Joiner, CSC Group Captain (Retd) Pictures courtesy Australian

339 views • 8 slides
Exercises Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems

Exercises Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems

Systems Engineering Requirements Analysis and Trade-off for Trusted Systems and Networks Tutorial Exercises Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering Paul Popick Johns Hopkins University Applied

544 views • 31 slides
Cyber Defense: three fundamental steps Giorgio Mosca Strategy and Technology Director It

Cyber Defense: three fundamental steps Giorgio Mosca Strategy and Technology Director It

Cyber Defense: three fundamental steps Giorgio Mosca Strategy and Technology Director It would seem that Caesar's recurrent and deep-rooted fault was his concentration in pursuing the objective immediately in front of his eyes to the

847 views • 16 slides
Collective Views of the NSA/CSS Cyber Defense Exercise on Curricula and Learning Objectives

Collective Views of the NSA/CSS Cyber Defense Exercise on Curricula and Learning Objectives

Collective Views of the CDX Collective Views of the NSA/CSS Cyber Defense Exercise on Curricula and Learning Objectives William J. Adams Efstratios L. Gavas Tim Lacey . Leblanc Sylvain P United States Military Academy

445 views • 20 slides
KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A.

KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A.

KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A. Cyber Defense and Forensics Analyst The Dilemma Caught in a web, ever growing cyber attacks, changes in technology. Strategies seem to last an

452 views • 28 slides
North Carolina Systems Evaluation Project (SEP) Measuring Indigent Defense System Performance

North Carolina Systems Evaluation Project (SEP) Measuring Indigent Defense System Performance

North Carolina Systems Evaluation Project (SEP) Measuring Indigent Defense System Performance Margaret A. Gressens Research Director North Carolina Office of I ndigent Defense Services August 2018 Systems Evaluation Project (SEP) An

1.02k views • 86 slides
UC.yber Meeting 12 WARGAMES! Last Week Discussed National Collegiate Cyber Defense

UC.yber Meeting 12 WARGAMES! Last Week Discussed National Collegiate Cyber Defense

UC.yber Meeting 12 WARGAMES! Last Week Discussed National Collegiate Cyber Defense Competition Planned out what we need for becoming an official chapter Planned out our visit to Loveland HS Received a donation! Thanks to

1.11k views • 9 slides
Integration Spiral Results Wende Peters, JH-APL wende.peters@jhuapl.edu iacd@jhuapl.edu

Integration Spiral Results Wende Peters, JH-APL wende.peters@jhuapl.edu iacd@jhuapl.edu

Integrated Adaptive Cyber Defense: Integration Spiral Results Wende Peters, JH-APL wende.peters@jhuapl.edu iacd@jhuapl.edu September 2015 Integrated Adaptive Cyber Defense Cybersecurity Reality in the Greater Cyber Ecosystem We arent

660 views • 53 slides
analysis and simulation of data changes to enterprise metrics Final Presentation 29.07.2014

analysis and simulation of data changes to enterprise metrics Final Presentation 29.07.2014

A concept for the visual and interactive impact analysis and simulation of data changes to enterprise metrics Final Presentation 29.07.2014 Master Thesis Matti Maier 1 Index Motivation Research Questions Literature Review

472 views • 24 slides
Giving a Voice to Pension Fund Beneficiaries Gerard Hertig (ETHZurich) Presentation Outline 1.

Giving a Voice to Pension Fund Beneficiaries Gerard Hertig (ETHZurich) Presentation Outline 1.

ECGI Asia Dialogue Corporate Governance and the Public Interest Tokyo, July 8, 2016 Giving a Voice to Pension Fund Beneficiaries Gerard Hertig (ETHZurich) Presentation Outline 1. An ageing (developed) world 2. Giving beneficiaries an

482 views • 13 slides
Recreational Cannabis Public Meeting September 16, 2019 Quick Facts -Beginning January 1, 2020

Recreational Cannabis Public Meeting September 16, 2019 Quick Facts -Beginning January 1, 2020

Village of Antioch Recreational Cannabis Public Meeting September 16, 2019 Quick Facts -Beginning January 1, 2020 recreational use of marijuana for adults 21 and over will become legal in the state of Illinois -The consumption/possession of

440 views • 27 slides
Accelerate, connect, deliver Alex Wynaendts CEO Analyst & Investor Conference - London -

Accelerate, connect, deliver Alex Wynaendts CEO Analyst & Investor Conference - London -

Accelerate, connect, deliver Alex Wynaendts CEO Analyst & Investor Conference - London - January 13, 2016 Todays storyline Transformed the profile of the company by focusing on fee business Achievements Substantially improved

315 views • 31 slides
stephanie.palmer@wienerberger.co.uk @sustainasteph Material solutions for a better quality of

stephanie.palmer@wienerberger.co.uk @sustainasteph Material solutions for a better quality of

The e4 brick house: Healthy, Sustainable, Beautiful Stephanie Palmer Sustainability Manager stephanie.palmer@wienerberger.co.uk @sustainasteph Material solutions for a better quality of life ! What does society need? ! What does society want

1.43k views • 103 slides
April 2011: 1BTC = 1USD April 2011: 1BTC = 1USD February 2018: 1BTC = 10000USD February 2018:

April 2011: 1BTC = 1USD April 2011: 1BTC = 1USD February 2018: 1BTC = 10000USD February 2018:

Roberto Capodieci - r@bcz.ooo - http://bcz.ooo FROM BITCOIN TO THE BLOCKCHAIN presented by Roberto Capodieci 15 th March 2018 for the Business Information Industry Association Regional Meeting March 14th to 15th, 2018 Sofitel Phnom Penh

762 views • 38 slides
CAO Presentation David Oates Agenda Timetable Applicants Responsibilities General

CAO Presentation David Oates Agenda Timetable Applicants Responsibilities General

St. Ciarans Community School January 2014 CAO Presentation David Oates Agenda Timetable Applicants Responsibilities General points regarding the CAO Entry Requirements and the Points System Making an application How

398 views • 38 slides
WF Community Award Winners The groups consist of young people aged 13-22 years and resident in

WF Community Award Winners The groups consist of young people aged 13-22 years and resident in

WF Community Award Winners The groups consist of young people aged 13-22 years and resident in Waltham Forest, from a variety of diverse backgrounds and communities, including recent migrants, children in care and young people with an experience

498 views • 28 slides

More recommend