Jaime C. Acosta, Joshua McKee, Alexander Fielder, S. Salamah
Title: A platform for evaluator-centric cybersecurity training and data acquisition
Venue: MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM)
DOI: https://doi.org/10.1109/MILCOM.2017.8170768
Published: 2017-10-01
Citations: 10
Abstract
Empirically based models for security technologies in the commercial and military domains, including those that focus on protection, detection, and broader risk analysis, leverage data captured from sensors on network-connected devices such as gateways, routers, and host nodes. Lacking, however, are datasets that contain specific state observations and actions from the evaluator (red/blue teamer) workstation; we call this the inside-view. This is largely due to issues associated with data ownership, data classification, and the lack of integrated evaluator-centric data-collection mechanisms. To enable and promote the creation of open datasets that capture the inside-view, we introduce a scalable platform that consists of two main elements. First, the emulation sandbox, or EmuBox, is an open-source and portable (i.e., it can execute on a laptop) solution for creating small- to medium-sized heterogeneous scenarios in which evaluators can set up practice environments and competitions and hone their skills. Second, the evaluator-centric and extensible logger, ECEL, is a centralized management system that uses plugins for capturing and formatting evaluator data. We conclude the paper with a case study that demonstrates the setup and configuration of the platform, along with a performance analysis.