Abstract
With the lack of security awareness, people are easy to become malicious programs’ target. Hence, it is important to educate people to know how the hackers intrude the systems. In this paper, we propose a platform that combining agent and virtualization technologies to build an interactive security training platform with which people can easily get security training. In our system, all malicious programs are contained in virtual machines, and by installing an agent in the virtual machine, our system can record trainee’s operations to the malicious program, then decide what situation the trainee may face and what steps should follow up to accomplish attack or defense in hands-on labs according to the results of trainee’s previous operations. This kind of interactivity as well as the individualized learning experience will decrease the disadvantage of “single size fit all” which is generally associated with traditional security training courses.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Chen, L.C., Tao, L.: Hands on Teaching Modules for Secure Web Application Development. In: ACM SIGCSE Workshop, p. 27 (2011)
Du, W., Wang, R.: SEED: A Suite of Instruction Laboratories for Computer Security Education. Journal on Educational Resources in Computing 8 (2008)
Franklin, S., Graesser, A.: Is It an Agent, or Just a Program?: A Taxonomy for Autonomous Agents. In: Jennings, N.R., Wooldridge, M.J., Müller, J.P. (eds.) ECAI-WS 1996 and ATAL 1996. LNCS, vol. 1193, pp. 21–35. Springer, Heidelberg (1997)
HyBi Working Group:The Web Socket protocol, IETF, Standards Track, pp. 1-69 (2011), http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10
Tao, L., Chen, L.C., Lin, C.T.: Virtual Open-Source Labs for Web Security Education. In: International Conference on Education and Information Technology, WCECS 2010, San Francisco, vol. I, pp. 280–285 (2010)
Tschudin, C., Gold, R.: Network pointers. In: 1st ACM Hotnets Workshop ACM SIGCOMM Computer Communication Review, New York, vol. 33, pp. 23–28 (2003)
Volvnkin, A., Skormin, V.: Large-scale Reconfigurable Virtual Testbed for Information Security Experiments, Conference of Testbeds and Research Infrastructure for the Development of Networks and Communities, Florida (2007)
Willems, C., Dawoud, W., Klingbeil, T., Meinel, C.: Protecting Tele-Lab – attack vectors and countermeasures for a remote virtual IT security lab. International Journal of Digital Society 1, 113–122 (2010)
Yang, T.A.: Computer security and impact on computer science education. Journal of Computing Sciences in Colleges 16, 233–246 (2001)
Django Software Foundation, https://www.djangoproject.com/
OWASP, Top 10 for (2010), https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
The Open Web Application Security Project (OWASP) WebGoat Project, https://www.owasp.org/
Xen, http://xen.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, YM., Chuang, CE., Liu, HC., Ni, CY., Wang, CT. (2011). Using Agent in Virtual Machine for Interactive Security Training. In: Kim, Th., Adeli, H., Fang, Wc., Villalba, J.G., Arnett, K.P., Khan, M.K. (eds) Security Technology. SecTech 2011. Communications in Computer and Information Science, vol 259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27189-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-27189-2_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27188-5
Online ISBN: 978-3-642-27189-2
eBook Packages: Computer ScienceComputer Science (R0)