Adapting CTF challenges into virtual cybersecurity learning environments

Karagiannis, Stylianos; Magkos, Emmanouil

doi:10.1108/ics-04-2019-0050

Cited by 16 publications

(7 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…They now support specialized domains such as Internet of Things (IoT) [18], cyber-physical systems [19], smart grids [20], and Information Communications Technology (ICT) systems [12,14,21]. Furthermore, the cyber ranges serve various purposes: research and development, training and education [3,22], and hosting exercises and competitions like Cyber Defense Exercises (CDX) and Capture the Flag (CTF) events [23]. Some other researchers have created flexible, scalable, and easily reproducible cybersecurity environments for training and experimentation by leveraging AI [13], virtualization [3,24], and automation tools, using technologies like Docker, Ansible, and Python.…”

Section: Cyber Rangesmentioning

confidence: 99%

Cyber5Gym: An Integrated Framework for 5G Cybersecurity Training

Hamza,

Ejaz,

Kim

2024

Electronics

View full text Add to dashboard Cite

The rapid evolution of 5G technology, while offering substantial benefits, concurrently presents complex cybersecurity challenges. Current cybersecurity systems often fall short in addressing challenges such as the lack of realism of the 5G network, the limited scope of attack scenarios, the absence of countermeasures, the lack of reproducible, and open-sourced cybersecurity training environments. Addressing these challenges necessitates innovative cybersecurity training systems, referred to as “cyber ranges”. In response to filling these gaps, we propose the Cyber5Gym, an integrated cyber range that enhances the automation of virtualized cybersecurity training in 5G networks with cloud-based deployment. Our framework leverages open-source tools (i) Open5GS and UERANSIM for realistic emulation of 5G networks, (ii) Docker for efficient virtualization of the training infrastructure, (iii) 5Greply for emulating attack scenarios, and (iv) Shell scripts for automating complex training operations. This integration facilitates a dynamic learning environment where cybersecurity professionals can engage in real-time attack and countermeasure exercises, thus significantly improving their readiness against 5G-specific cyber threats. We evaluated it by deploying our framework on Naver Cloud with 20 trainees, each accessing an emulated 5G network and managing 100 user equipments (UEs), emulating three distinct attack scenarios (SMC-Reply, DoS, and DDoS attacks), and exercising countermeasures, to demonstrate the cybersecurity training. We assessed the effectiveness of our framework through specific metrics such as successfully establishing the 5G network for all trainees, accurate execution of attack scenarios, and their countermeasure implementation via centralized control of the master using automated shell scripts. The open-source foundation of our framework ensures replicability and adaptability, addressing a critical gap in current cybersecurity training methodologies and contributing significantly to the resilience and security of 5G infrastructures.

show abstract

Section: Cyber Rangesmentioning

confidence: 99%

Cyber5Gym: An Integrated Framework for 5G Cybersecurity Training

Hamza,

Ejaz,

Kim

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Estudio descriptivo de caso. Cualitativo (Franco, 2023); (Christensen, 2021) (Colombelli, 2021); (Karagiannis, 2020) Método mixto (Lau, 2021); (Lara-Prieto, 2023); (Necchi, 2020) Revisión de literatura (Leijon, 2022); (Conde, 2021); (Gallagher, 2020) Tabla 2: Metodologías utilizadas en las piezas analizadas…”

Section: Metodologíaunclassified

Aporte pedagógico del Aprendizaje Basado en Desafíos a la formación de los administradores de empresas: una revisión sistemática de la literatura (2019-2023)

Rincón Sánchez,

Pinedo Cantillo,

Ramírez -Tarazona

2023

Sophia

View full text Add to dashboard Cite

La educación en la sociedad del conocimiento se enfrenta a enormes retos que deben ser afrontados bajo la perspectiva de la innovación pedagógica y didáctica. En esta época de cambios el Aprendizaje Basado en Desafíos se erige como una orientación oportuna para el mejoramiento de las prácticas de enseñanza y aprendizaje, particularmente en los programas de administración de empresas ofertados en instituciones de educación superior. Si bien el CBL es una metodología que en los últimos años se ha venido desarrollando en distintas áreas del conocimiento, en las ciencias económicas y administrativas aún se desconoce todo el potencial que este enfoque tiene para ofrecer a la formación universitaria. Siendo esto así, este artículo presenta una revisión sistemática de la literatura sobre el aporte pedagógico del Challenge-Based Learning a la formación de nuevos administradores de empresas en la educación superior, de tal forma que puedan responder a las necesidades de las organizaciones del presente y del futuro. Se realiza un estudio descriptivo analizando las investigaciones publicadas desde el año 2019 hasta el 2023, siguiendo las directrices Prisma. Se revisaron 82 artículos utilizando una matriz temática cualitativa. Los resultados describen los beneficios de la integración del aprendizaje basado en desafíos en la estructura pedagógica de los programas de administración de empresas. Con esta investigación se aporta al estado del arte de un aspecto relevante que se abre paso en la educación superior en América Latina.

show abstract

“…Carvalho et al [20] presented Activity Theory-based Model of Serious Games (ATMSG) which has the objective of "supporting the analysis and design of serious games when a thorough understanding of the characteristics of the game is needed". Based on ATMSG, Karagiannis et al [21], present the COFELET ontology as a way to describe the key elements that such approaches should embrace to assimilate well known cyber security threat analysis and modeling standards as the means to create interesting educational experiences. The COFELET ontology was extended with the additional elements of learning objective, grade scheme and role in [22].…”

Section: A Classification Systemmentioning

confidence: 99%

Framing Gamification in Undergraduate Cybersecurity Education

Weitl-Harms

Spanier

Hastings

et al. 2023

CISSE

View full text Add to dashboard Cite

Gamification presents potential benefits in courses that traditionally require the comprehension of complex concepts and a high level of technical and abstract thinking. Courses in Cyber Security Operations (CSO) undergraduate education meet these criterion. This research evaluates organizational constructs that have been applied to gamification applications (GAs) in CSO education. It utilizes framing theory and frame-reflective discourse analysis to outline frames based on engagement levels and analyzes the current distribution of GAs. The following organizational constructs for GAs in data structures and algorithms education apply to CSO education: Enhanced Examination (EE), Visualization of Abstract Ideas (VAI), Dynamic Gamification (DG), Social and Collaborative Engagement (SGE), and Collaborative Gamification Development (CGD). Three additional frames are identified: Missions and Quests (MQ), Simulations (Sim) and Aspirational Learning (AL). MQ GAs have process-driven quests, stories, and/or descriptive scenarios to augment engagement. Sim GAs use environmental immersion to demonstrate real world problem solving while allowing freedom of movement. AL GAs use goal-based designs like Capture The Flag (CTF) missions to enhance engagement. Twenty-seven existing CSO GAs fit within the MQ frame as CSO education lends itself well to these types of experiences. Seventeen CSO GAs fall within the AL GA frame, many of these manifesting as CTF missions. Seventeen CSO GAs fit in the EE Frame due to their optimization in the analysis of learning progress. Nine Sim GAs were successfully deployed in CSO education, followed by 4 VAI, 3 SGE, and 3 DG GAs.

show abstract

Adapting CTF challenges into virtual cybersecurity learning environments

Cited by 16 publications

References 44 publications

Cyber5Gym: An Integrated Framework for 5G Cybersecurity Training

Cyber5Gym: An Integrated Framework for 5G Cybersecurity Training

Aporte pedagógico del Aprendizaje Basado en Desafíos a la formación de los administradores de empresas: una revisión sistemática de la literatura (2019-2023)

Framing Gamification in Undergraduate Cybersecurity Education

Contact Info

Product

Resources

About