CyExec*: A High-Performance Container-Based Cyber Range With Scenario Randomization

Abstract

With increasing threats to information security, information security education through practical exercises specifically cyber range has attracted attention. However, the use of a cyber range is not widespread because of the high initial and maintenance cost and difficulty of developing new scenarios. Because many virtual instances are executed in the cyber range, the advantage of container type virtualization, which can provide a lightweight execution environment, is expected to increase efficient hardware utilization and decrease the total cost. On the other hand, containers pose challenges in scalability and scenario development when it comes to their use in cyber ranges because their performance advantages and vulnerability reproducibility have not been reported. In this paper, we conducted an exhaustive experiment to compare the performance and reproducibility of container-type virtualization with other virtualization types. The results show that containers can provide a more efficient execution environment than the other types, with almost perfect vulnerability reproducibility of more than 99% while reducing memory consumption by half and storage consumption to 1/60. The container’s high performance and reproducibility enabled us to develop CyExec*, a cyber range system with DAG-based scenario randomization technology. CyExec* can increase educational effectiveness by automatically generating multiple scenarios with the same learning objective. Compared with a random scenario generator for CTF using another virtualization type, CyExec* shows more than three times higher performance. CyExec* can solve existing cyber range issues.