KYPO Cyber Range: Design and Use Cases

Vykopal, Jan; Ošlejšek, Radek; Čeleda, Pavel; Vizváry, Martin; Tovarňák, Daniel

doi:10.5220/0006428203100321

Cited by 67 publications

(42 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The low-level hypotheses were obtained from discussions with six domain experts (three of them are co-authors of this paper), each with more than six years of experience with organizing CTFs and CDXs. The final classification hierarchy was reached by consensus of the authors whose expertise includes cyber training design and organization as well as the design of analytical visualizations for KYPO Cyber Range [7]. The rest of this section is structured according to the proposed scheme as follows.…”

Section: Visualizations and Hypothesesmentioning

confidence: 99%

See 1 more Smart Citation

Conceptual Model of Visual Analytics for Hands-on Cybersecurity Training

Ošlejšek

Rusňák

Burska

et al. 2021

IEEE Trans. Visual. Comput. Graphics

Self Cite

View full text Add to dashboard Cite

Hands-on training is an effective way to practice theoretical cybersecurity concepts and increase participants' skills. In this paper, we discuss the application of visual analytics principles to the design, execution, and evaluation of training sessions. We propose a conceptual model employing visual analytics that supports the sensemaking activities of users involved in various phases of the training life cycle. The model emerged from our long-term experience in designing and organizing diverse hands-on cybersecurity training sessions. It provides a classification of visualizations and can be used as a framework for developing novel visualization tools supporting phases of the training life-cycle. We demonstrate the model application on examples covering two types of cybersecurity training programs.

show abstract

Section: Visualizations and Hypothesesmentioning

confidence: 99%

“…The KYPO Cyber Range [7] is a highly flexible and scalable cloud-based platform. Its core functionality is to emulate computer networks with full-fledged operating systems and network devices that mimic real-world systems.…”

Section: Training Life Cycles and Data In Kypomentioning

confidence: 99%

Conceptual Model of Visual Analytics for Hands-on Cybersecurity Training

Ošlejšek

Rusňák

Burska

et al. 2021

IEEE Trans. Visual. Comput. Graphics

Self Cite

View full text Add to dashboard Cite

show abstract

“…While this skill can be exercised in Capture the Flag games, challenges, and competitions, our courses introduce an innovative approach. The learners are guided to create a serious security game deployed at the KYPO cyber range [19], which allows emulating real threats and attacks in a controlled environment.…”

Section: Introductionmentioning

confidence: 99%

Enhancing cybersecurity skills by creating serious games

Švábenský

Vykopal

Čermák

et al. 2018

Proceedings of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education

Self Cite

View full text Add to dashboard Cite

Adversary thinking is an essential skill for cybersecurity experts, enabling them to understand cyber attacks and set up effective defenses. While this skill is commonly exercised by Capture the Flag games and hands-on activities, we complement these approaches with a key innovation: undergraduate students learn methods of network attack and defense by creating educational games in a cyber range. In this paper, we present the design of two courses, instruction and assessment techniques, as well as our observations over the last three semesters. The students report they had a unique opportunity to deeply understand the topic and practice their soft skills, as they presented their results at a faculty open day event. Their peers, who played the created games, rated the quality and educational value of the games overwhelmingly positively. Moreover, the open day raised awareness about cybersecurity and research and development in this field at our faculty. We believe that sharing our teaching experience will be valuable for instructors planning to introduce active learning of cybersecurity and adversary thinking.

show abstract

“…Therefore, participants can realistically interact with an assigned host or network infrastructure, and their actions cannot interfere with the operational environment. The following text describes a high-level view of the architecture of the KYPO [26] cyber range, which we use in the Cyber Czech exercise. Sandboxes represent a low-level layer of the cyber range.…”

Section: A Cyber Range Infrastructurementioning

confidence: 99%

“…One very popular cyber range is DETER/DeterLab [20], [21], which is based on Emulab and was started with the goal of advancing cyber security research and education in 2004. Nowadays, there exist many other cyber ranges, e. g., National Cyber Range (NCR) [22], Michigan Cyber Range (MCR) [23], SimSpace Cyber Range [24], EDURange [25], or KYPO Cyber Range [26].…”

Section: Cyber Rangesmentioning

confidence: 99%

Lessons learned from complex hands-on defence exercises in a cyber range

Vykopal

Vizváry

Ošlejšek

et al. 2017

2017 IEEE Frontiers in Education Conference (FIE)

Self Cite

View full text Add to dashboard Cite

Abstract-We need more skilled cybersecurity professionals because the number of cyber threats and ingenuity of attackers is ever growing. Knowledge and skills required for cyber defence can be developed and exercised by lectures and lab sessions, or by active learning, which is seen as a promising and attractive alternative. In this paper, we present experience gained from the preparation and execution of cyber defence exercises involving various participants in a cyber range. The exercises follow a Red vs. Blue team format, in which the Red team conducts malicious activities against emulated networks and systems that have to be defended by Blue teams of learners. Although this exercise format is popular and used worldwide by numerous organizers in practice, it has been sparsely researched. We contribute to the topic by describing the general exercise life cycle, covering the exercise's development, dry run, execution, evaluation, and repetition. Each phase brings several challenges that exercise organizers have to deal with. We present lessons learned that can help organizers to prepare, run and repeat successful events systematically, with lower effort and costs, and avoid a trial-and-error approach that is often used.

show abstract

KYPO Cyber Range: Design and Use Cases

Cited by 67 publications

References 12 publications

Conceptual Model of Visual Analytics for Hands-on Cybersecurity Training

Conceptual Model of Visual Analytics for Hands-on Cybersecurity Training

Enhancing cybersecurity skills by creating serious games

Lessons learned from complex hands-on defence exercises in a cyber range

Contact Info

Product

Resources

About