%0 Conference Proceedings
%T A Digital Twin-Based Cyber Range for SOC Analysts
%+ University of Regensburg
%+ Department of Informatics [Ionian University]
%A Vielberth, Manfred
%A Glas, Magdalena
%A Dietz, Marietheres
%A Karagiannis, Stylianos
%A Magkos, Emmanouil
%A Pernul, Günther
%Z Part 6: Potpourri II
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 35th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)
%C Calgary, AB, Canada
%Y Ken Barker
%Y Kambiz Ghazinour
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXV
%V LNCS-12840
%P 293-311
%8 2021-07-19
%D 2021
%R 10.1007/978-3-030-81242-3_17
%K Cyber range
%K Security operations center
%K Digital twin
%Z Computer Science [cs]Conference papers
%X Security Operations Centers (SOCs) provide a holistic view of a company’s security operations. While aiming to harness this potential, companies are lacking sufficiently skilled cybersecurity analysts. One approach to meet this demand is to create a cyber range to equip potential analysts with the skills required. The digital twin paradigm offers great benefit by providing a realistic virtual environment to create a cyber range. However, to the best of our knowledge, tapping this potential to train SOC analysts has not been attempted yet. To address this research gap, a concept of a digital twin-based cyber range for SOC analysts is proposed and implemented. As part of the virtual training environment, several attacks against an industrial system are simulated. Being provided with a SIEM system that displays the real-time log data, the trainees solve increasingly complex tasks in which they have to detect the attacks performed against the system. Thereby, they learn how to interact with a SIEM system and create rules that correlate events aiming to detect security incidents. To evaluate the implemented cyber range, a comprehensive user study demonstrates a significant increase of knowledge within SIEM-related topics among the participants. Additionally, it indicates that the cyber range was subjectively perceived as a positive learning experience by the participants.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-03677035/document
%2 https://inria.hal.science/hal-03677035/file/513274_1_En_17_Chapter.pdf
%L hal-03677035
%U https://inria.hal.science/hal-03677035
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-12840