Title
A Digital Twin-Based Cyber Range for SOC Analysts
Abstract
Security Operations Centers (SOCs) provide a holistic view of a company's security operations. While aiming to harness this potential, companies are lacking sufficiently skilled cybersecurity analysts. One approach to meet this demand is to create a cyber range to equip potential analysts with the skills required. The digital twin paradigm offers great benefit by providing a realistic virtual environment to create a cyber range. However, to the best of our knowledge, tapping this potential to train SOC analysts has not been attempted yet. To address this research gap, a concept of a digital twin-based cyber range for SOC analysts is proposed and implemented. As part of the virtual training environment, several attacks against an industrial system are simulated. Being provided with a SIEM system that displays the real-time log data, the trainees solve increasingly complex tasks in which they have to detect the attacks performed against the system. Thereby, they learn how to interact with a SIEM system and create rules that correlate events aiming to detect security incidents. To evaluate the implemented cyber range, a comprehensive user study demonstrates a significant increase of knowledge within SIEM-related topics among the participants. Additionally, it indicates that the cyber range was subjectively perceived as a positive learning experience by the participants.
Year
2021
DOI
10.1007/978-3-030-81242-3_17
Venue
DATA AND APPLICATIONS SECURITY AND PRIVACY XXXV
Keywords
Cyber range, Security operations center, Digital twin
DocType
Conference
Volume
12840
ISSN
0302-9743
Citations
1
PageRank
0.43
References
0
Authors
6