MUNI KYPO
RESEARCH

We research methods for teaching cybersecurity skills, and we conduct applied research on interactive environments for cybersecurity education.

Research Areas

  • We research a wide range of cybersecurity topics. Our current projects span network measurement and traffic analysis, network security, and testbeds for security.

  • We study ways to improve the technologies and skills of security teams.

  • We build systems and prototypes, and much of the research is grounded in operational deployment.

Testbeds for Security

  • We aim to build knowledge of new cyber threats and to train correct and timely responses to them.

  • We research innovative methods for learning cutting-edge cybersecurity skills.

  • We develop virtualized, controlled, and monitored environments to provide complex simulations of cyber systems and networks. 

How to Cite Our Work?

You can cite two research papers to reference our activities or the KYPO Cyber Range Platform.

 

  • The first one describes a technical innovation for scalable teaching of hands-on cybersecurity classes using the interactive learning environments KYPO Cyber Range Platform and Cyber Sandbox Creator.

SCALABLE LEARNING ENVIRONMENTS FOR TEACHING CYBERSECURITY HANDS-ON

  • The second one summarizes our observations from organizing and carrying out cyber defence exercises at the KYPO Cyber Range Platform.

Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range

Selected Papers

SCALABLE LEARNING ENVIRONMENTS FOR TEACHING CYBERSECURITY HANDS-ON

  • This Innovative Practice full paper describes a technical innovation for scalable teaching of cybersecurity hands-on classes using interactive learning environments.

  • We present our research effort and practical experience in designing and using learning environments that scale up hands-on cybersecurity classes.

  • The environments support virtual networks with full-fledged operating systems and devices that emulate real-world systems. The classes are organized as simultaneous training sessions with cybersecurity assignments and learners' assessment. 

  • The environment can be repeatedly created for different classes on a massive scale or for each student on-demand.

  • Moreover, our approach enables learning analytics and educational data mining of learners' interactions with the environment.

  • These analyses inform the instructor about the student's progress during the class and enable the learner to reflect on a finished training. Thanks to this, we can improve the student class experience and motivation for further learning.

  • The learners value the realistic nature of the environments that enable exercising theoretical concepts and tools. The instructors value time-efficiency when preparing and deploying the hands-on activities.

  • Engineering and computing educators can freely use our software, which we have released under an open-source license.

  • We also provide detailed documentation and exemplary hands-on training to help other educators adopt our teaching innovations and enable sharing of reusable components within the community.

  • You can also check our video that summarizes the key messages of the paper.


KYPO CYBER RANGE: DESIGN AND USE CASES

  • The physical and cyber worlds are increasingly intertwined and exposed to cyber attacks. The KYPO cyber range provides complex cyber systems and networks in a virtualized, fully controlled and monitored environment.

  • Time-efficient and cost-effective deployment is feasible using cloud resources instead of dedicated hardware infrastructure.

  • This paper describes the design decisions made during its development.

  • We prepared a set of use cases to evaluate the proposed design decisions and to demonstrate the key features of the KYPO cyber range. In particular, cyber training sessions and exercises with hundreds of participants provided invaluable feedback for KYPO platform development.


LESSONS LEARNED FROM COMPLEX HANDS-ON DEFENCE EXERCISES IN A CYBER RANGE

  • This paper presents the experience gained from the preparation and execution of cyber defence exercises involving various participants in a cyber range.

  • The exercises follow a Red vs Blue team format. The Red team conducts malicious activities against emulated networks and systems that have to be defended by Blue teams of learners. Although this exercise format is popular and used worldwide by numerous organizers in practice, it has been sparsely researched.

  • We contribute to the topic by describing the general exercise life cycle, covering the exercise's development, dry run, execution, evaluation, and repetition.

  • Each phase brings several challenges that exercise organizers have to deal with. We present lessons learned that could help organizers to prepare, run and repeat successful events systematically, with lower effort and costs, and avoid a trial-and-error approach that is often used.


TRAFFIC AND LOG DATA CAPTURED DURING A CYBER DEFENSE EXERCISE

  • Cybersecurity research relies on relevant datasets providing researchers with a snapshot of network traffic generated by current users and modern applications and services.

  • The lack of datasets coming from a realistic network environment leads to the inefficiency of newly designed methods that are not useful in practice.

  • This data article provides network traffic flows and event logs (Linux and Windows) from a two-day cyber defence exercise involving attackers, defenders, and fictitious users operating in a virtual exercise network.

  • The data are stored as structured JSON, including data schemes and data dictionaries, ready for direct processing. The network topology of the exercise network in NetJSON format is also provided.


CONCEPTUAL MODEL OF VISUAL ANALYTICS FOR HANDS-ON CYBERSECURITY TRAINING

  • Hands-on training is an effective way to practice theoretical cybersecurity concepts and increase participants’ skills.

  • This paper discusses the application of visual analytics principles to the design, execution, and evaluation of training sessions.

  • We propose a conceptual model employing visual analytics that supports the sensemaking activities of users involved in various phases of the training life cycle.

  • The model emerged from our long-term experience in designing and organizing diverse hands-on cybersecurity training sessions. It provides a classification of visualizations and can be used as a framework for developing novel visualization tools supporting phases of the training life-cycle.

  • We demonstrate the model application on examples covering two types of cybersecurity training programs.


Major Projects

KYPO II

  • The project focused on research and development of tools for cost- and time-efficient simulation of real Critical Information Infrastructures, detection of cyber threats, and their mitigation.

  • The created tools provide support for automated preparation and execution of security teams’ training and exercises. 

KYPOLAB

  • The goal of this project is to research methods and develop software for enhancing cybersecurity knowledge and skills. The software will enable designing and running a new format of hands-on training using cybersecurity games.

  • Automation and adaptivity of the learning process within these games will individualize the training and increase the number of trainees. The results of the project will be used to improve the competencies of experts who are in charge of securing Czech cyberspace.

CONCORDIA

  • One of four projects established under a call of the EU's Horizon 2020 programme that deals with cybersecurity policies in the EU.

  • The four-year project CONCORDIA started in January 2019 to connect cybersecurity competencies throughout Europe and build the ecosystem of cybersecurity. Its outcomes lead to strengthening European cybersecurity and digital sovereignty. 

CyberSec4Europe

  • CyberSec4Europe's vision is a European Union that possesses all the skills necessary to secure and maintain a democratic society aligned with European constitutional values, particularly regarding the protection of shared data and privacy.

  • The CyberSec4Europe consortium consists of 43 partners from 22 Member States of the European Union and associated countries dedicated to research, development, and testing in the field of cybersecurity.
