Browse > Article
http://dx.doi.org/10.9708/jksci.2020.25.08.039

A Fuzzy Rule-based System for Automatically Generating Customized Training Scenarios in Cyber Security  

Nam, Su Man (DuDu Information Technologies, Ltd.)
Abstract
Despite the increasing interest in cyber security in recent years, the emergence of new technologies has led to a shortage of professional personnel to efficiently perform the cyber security. Although various methods such as cyber rage are being used to cultivate cyber security experts, there are problems of limitation of virtual training system, scenario-based practice content development and operation, unit content-oriented development, and lack of consideration of learner level. In this paper, we develop a fuzzy rule-based user-customized training scenario automatic generation system for improving user's ability to respond to infringement. The proposed system creates and provides scenarios based on advanced persistent threats according to fuzzy rules. Thus, the proposed system can improve the trainee's ability to respond to the bed through the generated scenario.
Keywords
Cyber security; Virtual environment; Scenario automatic generation; Fuzzy Logic; Advanced persistent threats;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 D. Moon, H. Lee, and I. Kim, "Host based Feature Description Method for Detecting APT Attack-APT," Journal of The Korea Institute of Information Security and Cryptology (JKIISC), vol. 24, no. 5, pp. 839-850, 2014. DOI: 10.13089/JKIISC.2014.24.5.839   DOI
2 S. Nam, J. Ryoo, and Y. Park, "Virtual training system for checking user account and detecting unauthorized account access to counter cyber attacks," 2019 Korea Convergence Security Association Conference, Oct. 2019.
3 S. M. Nam, Y. S. Park, "Cyber Security Simulated Training System and Cyber Aegis", Bookk, Feb. 2020.
4 J. Noh, D. Shin, and D. Shin, "Automated Classification by Efficient Learner Level based on Machine Learning," 2019 Korean Society for Internet Information Conference, Nov. 2019.
5 R. Babuska, "Fuzzy systems, modeling and identification," Delft Univ. Technol. Dep. Electr. Eng. Control Lab. Mekelweg, vol. 4, 1996.
6 S. H. Chi and T. H. Cho, "Fuzzy logic based propagation limiting method for message routing in wireless sensor networks," in International Conference on Computational Science and Its Applications, 2006, pp. 58-67.
7 Joint Publication 3-12, "Cyberspace Operations," 8 June 2019
8 Yong Goo Kang, Jeong Do Yoo, Eunji Pa가, Dong Hwa Kim, and Hyu Kang Kim, "Design and Implementation of Cyber Attack Simulator based on Attack Techniques Modeling," Jounrnal of The Korea Society of Computer and Information, Vol. 25, No. 3, pp. 65-72, March 2020.
9 Whitehouse.gov, "The National Cyber Range," Whitehouse, 2009. [Online]. Available: https://obamawhitehouse.archives.gov/files/documents/cyber/DARPA - NationalCyberRange_FactSheet.pdf.
10 D. Kim and Y. Kim, "A Study of Administration of Cyber Range," J. Internet Comput. Serv., vol. 18, no. 5, pp. 9-15, 2017.   DOI
11 H. Y. Lee, Y. S. Park, J. M. Ryoo, T. Korea, and S. For, "Generation of Random Virtual Environments for Cyber Kill Chain Training," in The Korea Society For Simulation, 2018, pp. 15-18.
12 Z. C. Schreuders, T. Shaw, M. Shan-A-Khuda, G. Ravichandran, J. Keighley, and M. Ordean, "Security Scenario Generator (SecGen): A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events," in 2017 USENIX$ Workshop on Advances in Security Education (ASE), 2017.
13 W. Feng, "A Scaffolded, Metamorphic CTF for Reverse Engineering," in 2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE), 2015.
14 J. Burket, P. Chapman, T. Becker, C. Ganas, and D. Brumley, "Automatic problem generation for capture-the-flag competitions," in 2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE), 2015.
15 DuDuIT, "Cyber-hacking response training system." [Online]. Available: http://duduit.co.kr.
16 J. Park, S. Yeom, S. Nam, D. Shin, and D. Shin, "Scenario-based Cyber Attack / Defense Education System Using Virtual Machine," 2019 Korean Society For Internet Information Conference, 2019.
17 Y. S. Park, J. M. Yyoo, H. Y. Lee, "Virtualization-based training content delivery system". Kor. Patent No. 10-2020-0023934, 2020.