CyExec*: Automatic Generation of Randomized Cyber Range Scenarios

Abstract

With the development of information technology, the need for information security education is increasing, and the effectiveness of cyber range exercises is attracting attention. The cyber range is a system to learn knowledge and skills by experiencing an incident scenario reproduced in a virtual environment. Many scenarios are required to train a security expert through various incident experiences. However, scenario development requires highly specialized expertise. Thus, in practice, only a limited number of scenarios are worn out around. Identical scenarios may decrease the educational effect since the other teams’ actions or write-ups on the internet will hint the students. We propose CyExec*, a cyber range system that automatically generates multiple scenarios based on DAG(Directed Acyclic Graph)-based scenario randomization. Multiple scenarios with the same learning objectives can enhance teaching effectiveness and prevent cheating. We developed the DAGbased scenario randomization technique on a Docker-based cyber range system called CyExec. By taking full advantage of Docker’s system/network configuration power, we can randomize complex scenarios across multiple networks. Comparison with the VM-based scenario generators, CyExec* outperforms, especially in storage usage. Further, CyExec∗ only consumes 1/3 memories, 1/4 CPU loads, and 1/10 storage usages. Thus, Cyexec∗ can operate approximately 3-times more complex scenarios than VM-based systems.