Russian Federation
The purpose of the article is to study the possibilities of modern technology and the concept of cyberpolygons for solving practical problems aimed at improving the stability and security of computer systems by improving the quality of training. In the context of a sharp increase in the number of computer attacks on the information infrastructure, it becomes very important to introduce modern information technologies into the training of specialists. In the developed countries of the world, cyberpolygons are actively used in teaching modern information security practices. Cyberpolygon technology based on simulation of cyber threats in a secure environment has been proven to be effective for the protection of systems and networks for almost two decades of its use in the world's leading universities. Practice has shown the particular importance in the training of personnel in modern methods of protection against computer attacks. As a result of research and generalization of foreign experience in applying a practice-oriented approach using cyberpolygons, the author comes to the conclusion that it is expedient to introduce them into the educational process of leading industry and departmental higher educational institutions in order to increase the effectiveness of consolidating knowledge, gaining skills in the field of information security, and developing competencies , allowing for further large-scale transformations in the field of digitalization of public administration.
cyberpolygon, training, modeling, cyberthreats, computer attack
1. Ait cyber range: Flexible cyber security environment for exercises, training and research: In Proc. of the 1st European Interdisciplinary Cybersecurity Conference (EICC’20) / M. Leitner [et al.]. Rennes, France, 2020. P. 1-6.
2. Cyber ranges and testbeds for education, training, and research / N. Chouliaras [et al.] // Applied Sciences. 2021. № 11 (4). P. 1809-1831.
3. Brilingaite A., Bukauskas L., Kutka E. Development of an educational platform for cyber defence training: In Proc. of the 16th European Conference on Cyber Warfare and Security (ECCWS’17). Dublin, Ireland, 2017. P. 73-81. Academic Conferences International Limited.
4. Kypo cyber range: Design and use cases: In Proc. of the 12th International Conference on Software Technologies (ICSOFT’17) / J.Vykopal [et al.]. Madrid, Spain. 2017. P. 310-321. SciTePress.
5. Karjalainen M., Kokkonen T. Comprehensive cyber arena; the next generation cyber range: In Proc. of the 4th IEEE European Symposium on Security and Privacy Workshops (EuroS&PW’20). Genoa, Italy. 2020. P. 11-16. IEEE.
6. Yamin M.M., Katt B., Gkioulos V. Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Comput. Secur. 2020. № 88. P. 101636.
7. Jiyeon KIM, Hyung-Jong Kim. Defining Security Primitives for Eliciting Flexible Attack Scenarios Through CAPEC Analysis // Information Security Applications. WISA 2014. Lecture Notes in Computer Science. Springer, Cham. 2015. Vol. 8909. P. 370-382.
8. Sarjoughian H. Introduction to DEVS modeling &simulation with JAVA: Developing component-based simulation models // Arizona State University. 2005.
9. Ingalls Ricki G. Introduction to simulation: in Proc. of the 40th Conference on Winter Simulation. Winter Simulation Conference. 2008.
10. Whitley John N. Attribution of attack trees. Computers&Electrical Engineering. 2011. № 37 (4). P. 624-628.
11. Saini Vineet, Qiang Duan, Vamsi Paruchuri. Threat modeling using attack trees // Journal of Computing Sciences in Colleges. 2008. № 23 (4). P. 124-131.
12. Have it your way: Generating customized log datasets with a model-driven simulation testbed / M. Landauer [et al]. Transactions on Reliability. 2021. № 70 (1). S. 402-415. IEEE.
13. Obuchenie metodam obnaruzheniya komp'yuternyh atak na baze kiberpoligona kafedry «Informacionnoj bezopasnosti» RTU (MIREA) / A.P. Kovalenko [i dr.] // Metody i tekhnicheskie sredstva obespecheniya bezopasnosti informacii. 2021. № 30. S. 39-44.
14. Davies J., Margat S. Review of cyberproving grounds and test benches (№ DSTO-GD-0771) // Cyber Electronic Warfare Division, Defense Science and Technology Organization DSTO, Edinburgh, AU 5111. Australia. 2013.
15. Pravila predostavleniya subsidij iz federal'nogo byudzheta na vvedenie v ekspluataciyu i obespechenie funkcionirovaniya kiberpoligona dlya obucheniya i trenirovki specialistov i ekspertov raznogo profilya, rukovoditelej v oblasti informacionnoj bezopasnosti i informacionnyh tekhnologij sovremennym praktikam obespecheniya bezopasnosti (s izm. i dop. ot 27 fevr. 2021 g.; utv. postanovleniem Pravitel'stva Ros. Federacii ot 12 okt. 2019 g. № 1320). Dostup iz sprav.-pravovogo portala «Garant».
16. Zhukov M.M., Barkalov Yu.M., Telkov A.Yu. Metodologicheskij podhod k imitacionnomu modelirovaniyu pri issledovanii prakticheskoj effektivnosti sistem zashchity ot setevyh kiberatak // Vestnik Voronezhskogo instituta MVD Rossii. 2022. № 1. S. 24-39.
17. Cifrovye tekhnologii i problemy informacionnoj bezopasnosti / pod red. E.V. Stel'mashonok, I.N. Vasil'evoj. SPb.: Izd-vo SPbGEU, 2021. 163 s.
18. Ferette L. European Union Agency for Cybersecurity. The 2015 report on national and international cyber security exercises: survey, analysis and recommendations, European Network and Information Security Agency. 2015.
19. A targeted attack for enhancing resiliency of intelligent intrusion detection modules in energy cyber physical systems: In 19th International Conference on Intelligent System Application to Power Systems (ISAP) / El. Hariri M. [et al.]. 2017. P. 1-6. IEEE.
20. Vasil'ev V.I., Kirillova A.D., Vul'fin A.M. Kognitivnoe modelirovanie vektora kiberatak na osnove metashablonov CAPEC // Voprosy kiberbezopasnosti. 2021. № 2 (42).
21. Lessons learned from complex hands-on defence exercises in a cyber range: In Proc. of the 47th IEEE Frontiers in Education Conference (FIE’17) / J. Vykopal [et al.]. Indianapolis, Indiana, USA. 2017. P. 1-8. IEEE.
22. AIT Cyber Range: Flexible Cyber Security Environment for Exercises, Training and Research / Leitner Maria [et al.] // Proceedings of the European Interdisciplinary Cybersecurity Conference. 2020. P. 49.
23. Abramov E.S., Andreev A.V., Mordvin D.V. Primenenie grafov atak dlya modelirovaniya vredonosnyh setevyh vozdejstvij // Izvestiya Yuzhnogo federal'nogo universiteta. Tekhnicheskie nauki. 2012. № 126 (1). S. 165-174.
24. Kurilov F.M. Modelirovanie sistem zashchity informacii. Prilozhenie teorii grafov // Tekhnicheskie nauki: teoriya i praktika: materialy III Mezhdunar. nauch. konf. Chita: Izd-vo Molodoj uchenyj, 2016. S. 6-9.
25. Zeigler Bernard P., Herbert Praehofer, Tag Gon Kim. Theory of modeling and simulation. 2nd edition, Academic Press, 2000 // Theory of Modeling and Simulation: Integrating Discrete Event and Continuous Complex Dynamic Systems.
26. GOST R 53114-2008. Zashchita informacii. Obespechenie informacionnoj bezopasnosti v organizacii. Osnovnye terminy i opredeleniya. URL: htth://base.garant.ru (data obrashcheniya: 24.04.2023).
27. Butyrskij E.Yu., Matveev A.V. Matematicheskoe modelirovaniya sistem i processov. SPb.: Strategiya budushchego, 2022. 733 s.
28. Metel'kov A.N. Kiberucheniya: zarubezhnyj opyt zashchity kriticheskoj infrastruktury // Pravovaya informatika. 2022. № 1. S. 51-60.
29. The Current State of The Art and Future of European Cyber Range Ecosystem / C. Virág [et al.]. 2021 IEEE International Conference on Cyber Security and Resilience (CSR), Rhodes, Greece. 2021. P. 390-395.
30. User Behavior Simulation in ICS Cyber Ranges: 19th Annual International Conference on Privacy / C. Liu [et al.]. Security&Trust (PST), Fredericton, NB, Canada. 2022. P. 1-5.
31. Matveev A.V., Metel'kov A.N., Shestakov A.V. Riski kiberatak: likvidaciya posledstvij proyavlenij kiberterrorizma i chrezvychajnyh situacij // Vestnik Voronezhskogo instituta FSIN Rossii. 2023. № 1. S. 98-106. EDN AYXLTO.
32. Metodika tekhniko-ekonomicheskoj ocenki variantov postroeniya organizacionno-tekhnicheskoj sistemy klassa «kiberpoligon» / A.V. Matveev [i dr.] // Inzhenernyj vestnik Dona. 2023. № 6. URL: http://www.ivdon.ru/ru/magazine/archive/n6y2023/8474/.
