CyExec - Training Platform for Cybersecurity Education Based on a Virtual Environment

Sanggyu Shin; Yoichi Seto

doi:10.52731/ijltle.v3.i1.517

Sanggyu Shin Tokai University http://orcid.org/0000-0001-6297-6971
Yoichi Seto Advanced Institute for Industrial Technology

DOI: https://doi.org/10.52731/ijltle.v3.i1.517

Keywords: cybersecurity, education, training platform, CyExec

Abstract

In this paper, we propose the CyExec, an effective cybersecurity training platform in a attacks, are increasing rapidly, and a large number of cybersecurity incidents are frequently occurring. On the other hand, capable personnel is much lacking, becoming an urgent issue that strengthens the systematic human resource development cultivating capabilities for cybersecurity activities. Only a few parts of universities and companies in Japan are conducting education using an effective training system on the market because of expensive and difficult to use that adopted and operation the training system like Cyber Range in higher education institutions and SMEs. On this account, we developed a virtual environment named Cyber Security Exercises (CyExec) system utilizing VirtualBox and Docker to enforce practical cybersecurity exercises cost-effectively and flexibly. In our proposal, we imported the implementation of the OSS vulnerability diagnosis in our system, and developed and implemented a cyberattack and defense training program based on the WebGoat that cybersecurity training system program.

References

S. Shin et al., “Development of Training System and Practice Contents for Cybersecurity Education,” Proc. 2019 8th International Congress on Advanced Applied Informatics (IIAI-AAI), 2019, pp. 172–177.

Information and Security White Paper 2019 (in Japanese), white paper, Informationtechnology Promotion Agency, Japan (IPA), Aug. 2019.

National Center of Incident and Strategy for Cybersecurity, Japan, “Cybersecurity Strategy (in Japanese),” 7 Jul. 2018; https://www.nisc.go.jp/active/kihon/pdf/cs-senryaku2018-kakugikettei.pdf.

Ministry of Economy, Trade and Industry, Japan, “Survey on latest trends and future estimates of IT personnel (in Japanese),” Jun. 2016; https://www.meti.go.jp/committee/kenkyukai/shoujo/daiyoji_sangyo_skill/pdf/001_s02_00.pdf.

National Institute of Information and Communications Technology, “Practical cyber defense exercises Cyder (in Japanese),” Mar. 2019; https://www.nict.go.jp/press/2019/03/20-1.html.

K. Nakajima et al., “Proposal of an Environment for Practical System Security Learning From the Viewpoint of Hacker (in Japanese),” The 30th Annual Conference of Japan Society for Software Science and Technology, 2013.

Ministray of Education, Culture, Sports, Science and Technology, Japan, “Annual report 2016,” enPiT, 2017; http://www.enpit.jp/img_new/publications/enPiT_annualreport_uni_2017.pdf.

Cyber Defense Exercise with Recurrence; https://cyder.nict.go.jp/.

A. Tomomi, “Effectiveness of Cyber Exercise - Toward Resilient Organization,” Dec. 2015; https://www.jpcert.or.jp/present/2015/ICS20150212-NITech.pdf.

N. Maki et al.,“An Effective Cybersecurity Exercises Platform CyExec and its Training Contents,” International Journal of Information and Education Technology, vol. 10, no 3, 2020, pp. 215–221.

OWASP Webgoat Project; https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Information-technology Promotion Agency, Japan, 2018, “Vulnerability experience learning tool AppGoat,” Jan. 2020; https://www.ipa.go.jp/security/vuln/appgoat/

M. Sugawara et al., “Introduction of Attacker’s Scenario to a Serious Game to Improve Capability of Cyber Security,” Information Processing Society of Japan 79th National Congress, 2017.

K. Nakashima, I. Kei and N. Ayahiko, “Proposal of An Environment for Practical System Se- curity Learning from the Viewpoint of “Hacker”,” The 30th Congress of the Japan Society of Software Science, 2013.

M. Eture, “Practical Exercises for Cyber Attacks,” Information processing, vol. 55, no. 7, 2014, pp. 666-672.

S. Yashiro et al.,“A Proposal and Implementation of Training System for SelfStudying targeted Attacks,” Information Processing Society of Japan 79th National Congress, 2017.

S. Daisuke, “Implementation Planning of Penetration Testing Exercises for Raising Cybersecurity Awareness,” IECIE technical report, 2017.

R. Beuran et al., “CyTrONE: An Integrated Cybersecurity Training Framework,” Proc. ICISSP, 2017, pp. 157-166.

LAC Co., “Current Status and Trend of Information Security - Implementation procedure and practice examples of cyber exercises -,” 2015.

T. Shinichi, etc., “Proposal of Cyber attack and defense Exercise system CyExec composed of ecosystem,” CSS2018, 2018.

Releases WebGoat, Jan. 2019; https://github.com/WebGoat/WebGoat/releases.

N. Ryotaro, H. Kumi and S. Yoichi, “Development of Container-based virtual exercise system CyExec related to cyber attack and defense,” The 80th National Convention of IPSJ, 2018.

Japan Network Security Association, “SecBok Human Resources Skill Map (in Japanese),” 2017.

OWASP Zed Attack Proxy Project Homepage; https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project.

OWASP Top Ten Project Homepage; https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.