دامنه های سایبری و بسترهای آزمون امنیتی
ترجمه نشده

دامنه های سایبری و بسترهای آزمون امنیتی

عنوان فارسی مقاله: دامنه های سایبری و بسترهای آزمون امنیتی: سناریوها، کاربردها، ابزارها و معماری
عنوان انگلیسی مقاله: Cyber Ranges and Security Testbeds: Scenarios, Functions, Tools and Architecture
مجله/کنفرانس: رایانه و امنیت – Computers & Security
رشته های تحصیلی مرتبط: مهندسی فناوری اطلاعات، مهندسی کامپیوتر
گرایش های تحصیلی مرتبط: اینترنت و شبکه های گسترده، امنیت اطلاعات
کلمات کلیدی فارسی: دامنه سایبری، بستر آزمون امنیتی، سناریوها، امنیت سایبری، استعمال امنیتی
کلمات کلیدی انگلیسی: Cyber range، Security testbed، Scenarios، Cyber security، Security exercise
نوع نگارش مقاله: مقاله پژوهشی (Research Article)
شناسه دیجیتال (DOI): https://doi.org/10.1016/j.cose.2019.101636
دانشگاه: Norwegian University of Science and Technology, Department of Information Security and Communication Technology, Teknologivegen 22, Oppland, Norway
صفحات مقاله انگلیسی: 62
ناشر: الزویر - Elsevier
نوع ارائه مقاله: ژورنال
نوع مقاله: ISI
سال انتشار مقاله: 2020
ایمپکت فاکتور: 4.337 در سال 2019
شاخص H_index: 77 در سال 2020
شاخص SJR: 0.667 در سال 2019
شناسه ISSN: 0167-4048
شاخص Quartile (چارک): Q1 در سال 2019
فرمت مقاله انگلیسی: PDF
وضعیت ترجمه: ترجمه نشده است
قیمت مقاله انگلیسی: رایگان
آیا این مقاله بیس است: خیر
آیا این مقاله مدل مفهومی دارد: ندارد
آیا این مقاله پرسشنامه دارد: ندارد
آیا این مقاله متغیر دارد: ندارد
کد محصول: E14528
رفرنس: دارای رفرنس در داخل متن و انتهای مقاله
فهرست مطالب (انگلیسی)

Abstract

۱٫ Introduction

۲٫ Related work

۳٫ Methodology

۴٫ Analysis of results

۵٫ Synthesis

۶٫ Discussion and conclusion

Declaration of Competing Interest

Appendix A. Appendix: Citation Data

References

بخشی از مقاله (انگلیسی)

Abstract

The first line of defense against cyber threats and cyber crimes is to be aware and get ready, e.g., through cyber security training. Training can have two forms, the first is directed towards security professionals and aims at improving understanding of the latest threats and increasing skill levels in defending and mitigating against them. The second form of training, which used to attract less attention, aims at increasing cyber security awareness among non-security professionals and the general public. Conducting such training programs requires dedicated testbeds and infrastructures that help realizing and executing the training scenarios and provide a playground for the trainees. A cyber range is an environment that aims at providing such testbeds. The purpose of this paper is to study the concept of a cyber range, and provide a systematic literature review that covers unclassified cyber ranges and security testbeds. In this study we develop a taxonomy for cyber range systems and evaluate the current literature focusing on architecture and scenarios, but including also capabilities, roles, tools and evaluation criteria. The results of this study can be used as a baseline for future initiatives towards the development and evaluation of cyber ranges in accordance with existing best practices and lessons learned from contemporary research and developments.

Introduction

The recent security incidents worldwide have shown that there is an increase in the complexity and severity of cyber security threats. The attackers become more organized and the attack vectors are using more advanced and automated techniques and tools. The first line of defense against such attacks is increasing cyber security awareness in the public and security skills among the security professionals, in order to be ready and aware of the latest threat techniques and tools. These training programs include the execution of cyber security labs and exercises. In general terms, we define a cyber security exercise as a training exercise that runs attack and/or defense scenarios on virtual and/or physical environments with the aim of improving the attack and/or defence understandings and skills of the participants. Different groups of people are involved in preparing and executing such exercises. A groups of individuals, known as a white team, creates the training environment. Another group, known as a red team, tries to exploit vulnerabilities present in the environment, while a third group, known as a blue team, tries to defend the environment and prevent attacks. These are the main basic roles for those who are involved in an exercise. More comprehensive list of all roles within an exercises is discussed later in the chapter. Please note that we use the term security exercise for any practical training or awareness activity.