Automated execution and evaluation of network-based training exercises
Abstract
This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.
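The control loop the abstract describes, sketched as a small offline simulation. This is an added example, not code from the patent or its assignee: every class, function, field and sample value is hypothetical, attack "variants" are opaque labels, and virtual machines are plain in-memory objects.

```python
# Added illustration: every name below is hypothetical, not taken from the patent.
from dataclasses import dataclass, field

@dataclass
class TargetVM:
    name: str
    mitigated: set = field(default_factory=set)

    def receive(self, variant):
        # A simulated attack variant is stopped only if it has been mitigated.
        return "dropped" if variant in self.mitigated else "delivered"

def provision(topology, rules):
    """Instantiate one simulated VM per virtual network element, configured from the rules."""
    return {el: TargetVM(el, set(rules.get(el, {}).get("mitigate", []))) for el in topology}

def run_exercise(topology, rules, trainee_actions, variants, target, rounds):
    vms = provision(topology, rules)
    idx, monitor_log = 0, []
    for rnd in range(rounds):
        variant = variants[idx]
        result = vms[target].receive(variant)
        adapted = False
        # Dynamic response: the attack system changes the simulated attack when
        # monitoring shows the target's action stopped the current variant.
        if result == "dropped" and idx + 1 < len(variants):
            idx, adapted = idx + 1, True
        monitor_log.append({"round": rnd, "variant": variant,
                            "result": result, "adapted": adapted})
        # Corrective or preventive action specified by the trainee for this round.
        action = trainee_actions.get(rnd)
        if action:
            vms[action["vm"]].mitigated.add(action["mitigate"])
    return monitor_log

def evaluate(monitor_log):
    """Automated evaluation generated from the collected monitor information."""
    dropped = sum(1 for rec in monitor_log if rec["result"] == "dropped")
    return {"rounds": len(monitor_log), "dropped": dropped,
            "delivered": len(monitor_log) - dropped,
            "adaptations": sum(rec["adapted"] for rec in monitor_log)}

# Constructed sample inputs (not from the patent).
TOPOLOGY = ["web-vm", "db-vm"]
RULES = {"db-vm": {"mitigate": ["variant-1"]}}
ACTIONS = {0: {"vm": "web-vm", "mitigate": "variant-1"},
           2: {"vm": "web-vm", "mitigate": "variant-2"}}
VARIANTS = ["variant-1", "variant-2", "variant-3"]

if __name__ == "__main__":
    print(evaluate(run_exercise(TOPOLOGY, RULES, ACTIONS, VARIANTS, "web-vm", rounds=6)))
```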
22 Claims
1. A method comprising:
- prior to execution of a computer-based training exercise, providing a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein providing the virtual environment comprises:
  - receiving a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements;
  - selecting at least one source document that defines one or more rules for use by the target system; and
  - configuring the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and
- during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, performing, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee, wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A non-transitory computer-readable storage medium comprising instructions that, when executed, cause one or more processors to perform operations comprising:
- prior to execution of a computer-based training exercise, providing a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein providing the virtual environment comprises:
  - receiving a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements;
  - selecting at least one source document that defines one or more rules for use by the target system; and
  - configuring the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and
- during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, performing, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee, wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.

Dependent claims: 12, 13, 14, 15, 16

17. A system comprising:
- one or more processors; and
- a non-transitory computer-readable storage medium storing instructions that, when executed, cause the one or more processors to:
  - prior to execution of a computer-based training exercise, provide a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein the instructions that cause the one or more processors to provide the virtual environment further cause the one or more processors to:
    - receive a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements;
    - select at least one source document that defines one or more rules for use by the target system; and
    - configure the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and
  - during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, perform, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee, wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.

Dependent claims: 18, 19, 20, 21, 22

Specification