Cybersecurity Training and Analysis

Current research in the Laboratory of Software Architectures and Information Systems, Lasaris, at the Faculty of Informatics, Masaryk University, is focused on data analysis in the cybersecurity domain.

Subtopics: Visual analytics for cybersecurity training | Behavioral modeling and analysis | Digital forensics

Related projects:

2020 – 2022

Research of New Technologies to Increase the Capabilities of Cybersecurity Experts (KYPOLAB)

My role: Member of the research team, leader of the work package “SW for the evaluation of cybersecurity training”.

2018 – 2022

2016 – 2019

Simulation, detection, and mitigation of cyber threats endangering critical infrastructure (KYPO II)

My role: Co-investigator (leader at FI MU, software architect, head of the “visualization” research team).

2013 – 2015

Cybernetic Proving Ground (KYPO)

My role: Co-investigator (leader at FI MU, head of the “visualization” research team).

The project was awarded by the Ministry of Interior for the exceptional results in the field of security research.

Subtopic: Visual analytics for cybersecurity training

Operational networks are not suitable for building and studying knowledge of cyber threats and training responses to them. Therefore, we develop and operate a flexible, scalable, and sophisticated cyber range since 2013, which serves as a virtual environment where hands-on cybersecurity training can be organized.

From the very beginning, we put emphasis on user experience, user-centered design of user interfaces, and the support of learning and visual analytics. Data collected from training sessions are analyzed in order to continuously improve the quality of training sessions and increase the impact on the trainees. Our research aims to provide visual situational awareness, insight into the abstract cybersecurity processes and threats, storytelling, and advanced analytical tools.

Software:

The KYPO Cyber Range Platform is used as a training platform for the regular education of students of Masaryk University as well as for the organization of the biggest cyber defense exercise in the Czech Republic called Cyber Czech (in cooperation with Czech NSA). In 2021 released as an open-source!

Selected publications:

Optimization of Cyber Defense Exercises Using Balanced Software Development Methodology

OŠLEJŠEK, Radek and Tomáš PITNER

International Journal of Information Technologies and Systems Approach (IJITSA). 2021

Details Publisher

Conceptual Model of Visual Analytics for Hands-on Cybersecurity Training

OŠLEJŠEK, R.V. RUSŇÁKK. BURSKÁV. ŠVÁBENSKÝ, J. VYKOPAL and J. ČEGAN

IEEE Transactions on Visualization and Computer Graphics (TVCG). 2020

Details PDF Publisher Trailer VIS'20 talk

Visual Feedback for Players of Multi-Level Capture the Flag Games: Field Usability Study.

OŠLEJŠEK, RadekVít RUSŇÁKKarolína BURSKÁValdemar ŠVÁBENSKÝ and Jan VYKOPAL

IEEE Symposium on Visualization for Cyber Security (VizSec’19). 2019

Details PDF Publisher Trailer

Timely Feedback in Unstructured Cybersecurity Exercises.

VYKOPAL, JanRadek OŠLEJŠEKKarolína BURSKÁ and Kristína ZÁKOPČANOVÁ

ACM Technical Symposium on Computer Science Education (SIGCSE’18). 2018

Details PDF Publisher

KYPO Cyber Range: Design and Use Cases.

VYKOPAL, JanRadek OŠLEJŠEKPavel ČELEDA, Martin VIZVÁRY and Daniel TOVARŇÁK

International Conference on Software Technologies (ICSOFT’17). 2017

Details PDF Publisher

Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range.

VYKOPAL, Jan, Martin VIZVÁRY, Radek OŠLEJŠEKPavel ČELEDA and Daniel TOVARŇÁK

IEEE Frontiers in Education (FIE’17). 2017

Details PDF Publisher

>> all publications

Subtopic: Behavioral modeling and analysis

Practical cybersecurity training is strongly process-oriented. There is no tangible output like code to be assessed or compared. Instead, trainees have to solve tasks, e.g, “scan the network and find vulnerable server” or “exploit the vulnerability to hack the server”. Therefore, process reconstruction and analysis are required to study behavioral patterns or to measure the quality of training sessions. We address these issues in two ways: (a) by designing models and simulations of cooperation strategies on complex networks, and (b) focusing on cybersecurity process discovery, compliance analysis, and behavior analysis for hands-on training programs by means of process mining techniques.

Selected publications:

The Prisoner’s Dilemma in the Workplace: How Cooperative Behavior of Managers Influence Organizational Performance and Stress

SPURNÝ, JosefIvan KOPEČEKRadek OŠLEJŠEKJaromír PLHÁK and Francesco CAPUTO

Kybernetes. 2021

Details Publisher

Simulating the Impact of Cooperation and Management Strategies on Stress and Economic Performance

DAŇA, JosefIvan KOPEČEKRadek OŠLEJŠEK and Jaromír PLHÁK

Hawaii International Conference on System Sciences. (HICSS’19). 2019

Details PDF Publisher

>> all publications

Subtopic: Digital forensics

The CSIRT team (Computer Security Incident Response Team) of Masaryk University is responsible for the investigation of suspicious computers connected to the university network. Together with them, we develop advanced visual and exploratory techniques to support the forensic investigation processes. We primarily focus on the analysis of file systems using user-centered design and visual techniques.

Software:

The FIMETIS (FIlesystem METadata analysIS) tool is developed in cooperation with the CSIRT (Computer Security Incident Response Team) team of Masaryk University, which is responsible for the investigation of cybersecurity incidents in the university network. Together with them, we develop advanced visual and exploratory techniques to support the forensic investigation processes. We primarily focus on the analysis of file systems using user-centered design and visual techniques.

Selected publication:

Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents

BERAN, Michal, František HRDINA, Dan KOUŘIL, Radek, OŠLEJŠEK, and Kristína ZÁKOPČANOVÁ

IEEE Symposium on Visualization for Cyber Security (VizSec’20). 2020

Details PDF Trailer Demo VisSec'20 talk

>> all publications