مشخصات مقاله | |
ترجمه عنوان مقاله | دامنه های سایبری و بسترهای آزمون امنیتی: سناریوها، کاربردها، ابزارها و معماری |
عنوان انگلیسی مقاله | Cyber Ranges and Security Testbeds: Scenarios, Functions, Tools and Architecture |
انتشار | مقاله سال 2020 |
تعداد صفحات مقاله انگلیسی | 62 صفحه |
هزینه | دانلود مقاله انگلیسی رایگان میباشد. |
پایگاه داده | نشریه الزویر |
نوع نگارش مقاله |
مقاله پژوهشی (Research Article) |
مقاله بیس | این مقاله بیس نمیباشد |
نمایه (index) | Scopus – Master Journals List – JCR |
نوع مقاله | ISI |
فرمت مقاله انگلیسی | |
ایمپکت فاکتور(IF) |
4.337 در سال 2019 |
شاخص H_index | 77 در سال 2020 |
شاخص SJR | 0.667 در سال 2019 |
شناسه ISSN | 0167-4048 |
شاخص Quartile (چارک) | Q1 در سال 2019 |
مدل مفهومی | ندارد |
پرسشنامه | ندارد |
متغیر | ندارد |
رفرنس | دارد |
رشته های مرتبط | مهندسی فناوری اطلاعات، مهندسی کامپیوتر |
گرایش های مرتبط | اینترنت و شبکه های گسترده، امنیت اطلاعات |
نوع ارائه مقاله |
ژورنال |
مجله | رایانه و امنیت – Computers & Security |
دانشگاه | Norwegian University of Science and Technology, Department of Information Security and Communication Technology, Teknologivegen 22, Oppland, Norway |
کلمات کلیدی | دامنه سایبری، بستر آزمون امنیتی، سناریوها، امنیت سایبری، استعمال امنیتی |
کلمات کلیدی انگلیسی |
Cyber range، Security testbed، Scenarios، Cyber security، Security exercise
|
شناسه دیجیتال – doi |
https://doi.org/10.1016/j.cose.2019.101636 |
کد محصول | E14528 |
وضعیت ترجمه مقاله | ترجمه آماده این مقاله موجود نمیباشد. میتوانید از طریق دکمه پایین سفارش دهید. |
دانلود رایگان مقاله | دانلود رایگان مقاله انگلیسی |
سفارش ترجمه این مقاله | سفارش ترجمه این مقاله |
فهرست مطالب مقاله: |
Abstract 1. Introduction 2. Related work 3. Methodology 4. Analysis of results 5. Synthesis 6. Discussion and conclusion Declaration of Competing Interest Appendix A. Appendix: Citation Data References |
بخشی از متن مقاله: |
Abstract
The first line of defense against cyber threats and cyber crimes is to be aware and get ready, e.g., through cyber security training. Training can have two forms, the first is directed towards security professionals and aims at improving understanding of the latest threats and increasing skill levels in defending and mitigating against them. The second form of training, which used to attract less attention, aims at increasing cyber security awareness among non-security professionals and the general public. Conducting such training programs requires dedicated testbeds and infrastructures that help realizing and executing the training scenarios and provide a playground for the trainees. A cyber range is an environment that aims at providing such testbeds. The purpose of this paper is to study the concept of a cyber range, and provide a systematic literature review that covers unclassified cyber ranges and security testbeds. In this study we develop a taxonomy for cyber range systems and evaluate the current literature focusing on architecture and scenarios, but including also capabilities, roles, tools and evaluation criteria. The results of this study can be used as a baseline for future initiatives towards the development and evaluation of cyber ranges in accordance with existing best practices and lessons learned from contemporary research and developments. Introduction The recent security incidents worldwide have shown that there is an increase in the complexity and severity of cyber security threats. The attackers become more organized and the attack vectors are using more advanced and automated techniques and tools. The first line of defense against such attacks is increasing cyber security awareness in the public and security skills among the security professionals, in order to be ready and aware of the latest threat techniques and tools. These training programs include the execution of cyber security labs and exercises. In general terms, we define a cyber security exercise as a training exercise that runs attack and/or defense scenarios on virtual and/or physical environments with the aim of improving the attack and/or defence understandings and skills of the participants. Different groups of people are involved in preparing and executing such exercises. A groups of individuals, known as a white team, creates the training environment. Another group, known as a red team, tries to exploit vulnerabilities present in the environment, while a third group, known as a blue team, tries to defend the environment and prevent attacks. These are the main basic roles for those who are involved in an exercise. More comprehensive list of all roles within an exercises is discussed later in the chapter. Please note that we use the term security exercise for any practical training or awareness activity. |