http://dx.doi.org/10.13089/JKIISC.2021.31.5.1045

iRF: Integrated Red Team Framework for Large-Scale Cyber Defence Exercise  

Jang, In Sook (Chungnam National University)
Cho, Eun-Sun (Chungnam National University)
Abstract
As APT attacks become more frequent and sophisticated, not only the advancement of security systems but also the competence of the cybersecurity officers who operate them at each institution is becoming increasingly important. In a large-scale cyber defence exercise, with many blue teams participating and many systems to simulate and defend, it should be possible to simulate attacks that generate a wide variety of attack patterns, network payloads, and system events. However, if only one red team (RT) framework is used, its activity can easily be detected by the blue teams. If multiple RT frameworks are operated instead, experts must spend a great deal of time and effort on exercise setup and operation for each framework. In this paper, we propose iRF (integrated RT framework), which can automatically operate a large-scale cyber defence exercise by integrating a number of open RT frameworks together with RT frameworks we created ourselves.
Keywords
Cyber Defense Exercise; Red Team Framework; Cybersecurity Training