Cyber attack and defense training: Using emulab as a platform

Although the convenience of the Internet has changed contemporary society, lifestyles, and interpersonal communications, it has also enabled various network intrusions that attempt to seize fame or profits through manipulating Internet functionality, computers, software, or the social weaknesses of the users. Attackers have leveraged new technologies and developed new techniques to deploy an endless array of tactics and skills. However, conventional cybersecurity education often relies on classroom teaching instead of practical tasks using real machines, because actual machine practice often provokes attacks or abnormal network traffic. This article used Emulab as a testing platform to provide a controllable environment that enabled quick deployment, adjustment, and measurement of both offensive and defensive cybersecurity experiments. Through the integration of cyber-attack and defense maneuvers within predetermined scenarios, as well as related cybersecurity questions, this article compiled data regarding the operations and responses of the participants in the exercises. This enabled analysis and improvement of the attack and defense maneuvers, the scenarios, and the platform.
