Serious Games as a Tool to Model Attack and Defense Scenarios for Cyber-Security Exercises
Peer reviewed, Journal article
Accepted version
Åpne
Permanent lenke
https://hdl.handle.net/11250/2826296Utgivelsesdato
2021Metadata
Vis full innførselSamlinger
Originalversjon
https://doi.org/10.1016/j.cose.2021.102450Sammendrag
Technology is evolving rapidly; this poses a problem for security specialists and average citizens as their technological skill sets are quickly made obsolete. This makes the knowledge and understanding of cyber-security in a technologically evolving world difficult. Global IT infrastructure and individuals’ privacy are constantly under threat. One way to tackle this problem is by providing continuous training and self-learning platforms. Cyber-security exercises can provide a necessary platform for training people’s cyber-security skills. However, conducting cyber-security exercises with new and unique scenarios requires comprehensive planning and commitment to the preparation time and resources. In this work, we propose a serious game for the development of cyber-security exercise scenarios. The game provides a platform to model simulated cyber-security exercise scenarios, transforming them into an emulated cyber-security exercise environment using domain-specific language (DSL) and infrastructure orchestration. In this game, players can play as cyber attackers or defenders in a multiplayer environment to make operational cyber-security decisions in real-time. The decisions are evaluated for the development of operational cyber-attack and defense strategies.