Event-based Data Collection and Analysis in the Cyber Range Environment

Abstract

The need to educate users on cybersecurity to some extent is critical due to the ever-increasing cyber threats. A number of web presentations, books, and other study materials can be used for this purpose. In contrast to passive learning methods, hands-on training offers a deeper perspective but poses considerable technical challenges to its implementation, which can be resolved using cyber range platforms. However, in order to thoroughly evaluate the training and provide sufficient feedback, data must be collected and analyzed. Our paper addresses this problem by developing an event-based approach for data collection and analysis. The use of events allows us to keep a history of an event and reconstruct it retrospectively, especially for further analysis and evaluation. We validated the implemented approach in a cyber range environment, in which we developed an interactive interface to visualize the analyzed data.The need to educate users on cybersecurity to some extent is critical due to the ever-increasing cyber threats. A number of web presentations, books, and other study materials can be used for this purpose. In contrast to passive learning methods, hands-on training offers a deeper perspective but poses considerable technical challenges to its implementation, which can be resolved using cyber range platforms. However, in order to thoroughly evaluate the training and provide sufficient feedback, data must be collected and analyzed. Our paper addresses this problem by developing an event-based approach for data collection and analysis. The use of events allows us to keep a history of an event and reconstruct it retrospectively, especially for further analysis and evaluation. We validated the implemented approach in a cyber range environment, in which we developed an interactive interface to visualize the analyzed data.