Tool Developed by Florida Tech Mimics Real-World Cyber Threats
Cyber Security Students Benefit from VINE in the Classroom
Recently, nearly 40 serious-looking computer science and cyber security students huddled in small groups in the upstairs lab at Florida Tech’s Harris Center for Science and Engineering. They were taking part in an exercise designed to put realistic cybersecurity threats into play so students could apply concepts learned in Marco Carvalho’s Network Security class.
Laptops were snapped open, notepads at the ready. Each team of six students represented a cyber operations unit of a virtual company. The goal of the nearly two-hour long exercise was for teams to defend their cyber property from attack while taking down the services of rival companies. Points were assigned to each team for their ability to maintain their company services and disrupt the services of competing companies.
The exercise was made possible by an an infrastructure software component called VINE developed right here at Florida Tech. Carvalho, associate professor and director of the Harris Institute for Assured Information, Thomas Eskridge, a research professor and Evan Stoner, a research associate initially created the Virtual Infrastructure for Network Emulation as a research tool. Instead of running experiments on a costly and time-intensive physical network, VINE is designed to help users build large-scale emulated testbeds in the cloud, which allows components of the scenario to be modified with ease by a researcher.
Beyond research, VINE has proven to be a valuable classroom tool. Its integrated behavior system can generate realistic network traffic that provides an accurate environment for students to engage in security experiments. To demonstrate a lesson, an administrator can design an attack that students have to understand and defend against. As soon as the attack starts, students immediately jump into action to identify the threat, analyze intent and modify or create a defense based on how the attack plays out in real time.
And students are responding with enthusiasm. “This class is totally different from all the classes I’ve taken,” said Atefeh Mahdavi, Computer Science Grad Student. “It is like working for a real company, we gain an experience that we could potentially have when working for a company in the future.”
On this lab day, a screen at the front of the room showed the state of each team’s five services; if they were secured, compromised or flat out disabled by hackers. As the session was underway, colored lines began to dip and rise on each team’s graph showing a successful attack or defense in real time. As lines started to fall, students scrambled to deploy defenses to stop the attacks before their network services crashed to the bottom of the graph–lifeless. Even when a service goes off line completely, students can learn from the mistake, go back on line, fortify their property and try again.
“It’s a great opportunity for the students to see how this actually works,” said Carvalho who was on hand to help students when they got locked out after losing their service to a hacker or just needed guidance.”They feel both the frustrations and the triumphs.”