Automated execution and evaluation of network-based training exercises
First Claim
1. A method comprising:
- providing a training environment that includes a control and monitoring system, an attack system, and a target system that are each executable by one or more processors and that each comprise one or more virtual machines, and wherein the training environment is configured to monitor and respond to actions specified by a human trainee, the human trainee using the target system and participating in the training environment;
initiating, by the control and monitoring system, a training scenario within the training environment to cause the attack system to engage in a simulated attack against the target system;
in response to the simulated attack against the target system, performing, by the target system, an action that is specified by the human trainee;
updating a state of the target system based upon the action performed by the target system and specified by the human trainee;
collecting, by the control and monitoring system, monitor information associated with the simulated attack against the target system by continuously monitoring the training scenario, wherein collecting the monitor information associated with the training scenario further comprises;
collecting information associated with the action performed by the target system and specified by the human trainee, andreceiving user input from the human trainee indicating a reason for performing the action;
updating a state of the attack system based upon the collected monitor information that is associated with the action performed by the target system and specified by the human trainee;
generating, by the attack system, dynamic response data according to the updated state of the attack system;
sending the dynamic response data from the attack system to the target system to adapt the training scenario to the action performed by the target system and specified by the human trainee; and
generating, by the control and monitoring system, an automated evaluation of a performance of the human trainee, wherein the automated evaluation is based upon the collected monitor information that is associated with the action performed by the target system and specified by the human trainee during the simulated attack, and wherein generating the automated evaluation further comprises analyzing the user input to determine if the reason for performing the action is correct according to the training scenario.
1 Assignment
0 Petitions
Accused Products
Abstract
This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.
77 Citations
11 Claims
-
1. A method comprising:
-
providing a training environment that includes a control and monitoring system, an attack system, and a target system that are each executable by one or more processors and that each comprise one or more virtual machines, and wherein the training environment is configured to monitor and respond to actions specified by a human trainee, the human trainee using the target system and participating in the training environment;
initiating, by the control and monitoring system, a training scenario within the training environment to cause the attack system to engage in a simulated attack against the target system;
in response to the simulated attack against the target system, performing, by the target system, an action that is specified by the human trainee;
updating a state of the target system based upon the action performed by the target system and specified by the human trainee;collecting, by the control and monitoring system, monitor information associated with the simulated attack against the target system by continuously monitoring the training scenario, wherein collecting the monitor information associated with the training scenario further comprises; collecting information associated with the action performed by the target system and specified by the human trainee, and receiving user input from the human trainee indicating a reason for performing the action; updating a state of the attack system based upon the collected monitor information that is associated with the action performed by the target system and specified by the human trainee; generating, by the attack system, dynamic response data according to the updated state of the attack system; sending the dynamic response data from the attack system to the target system to adapt the training scenario to the action performed by the target system and specified by the human trainee; and
generating, by the control and monitoring system, an automated evaluation of a performance of the human trainee, wherein the automated evaluation is based upon the collected monitor information that is associated with the action performed by the target system and specified by the human trainee during the simulated attack, and wherein generating the automated evaluation further comprises analyzing the user input to determine if the reason for performing the action is correct according to the training scenario.- View Dependent Claims (2, 3, 4, 5)
-
-
6. A non-transitory computer-readable storage medium comprising instructions that, when executed, cause one or more processors to:
-
provide a training environment that includes a control and monitoring system, an attack system, and a target system that each comprise one or more virtual machines, wherein the training environment is configured to monitor and respond to actions specified by a human trainee, the human trainee using the target system and participating in the training environment; initiate, by the control and monitoring system, a training scenario within the training environment to cause the attack system to engage in simulated attack against the target system; in response to the simulated attack against the target system, perform, by the target system, an action that is specified by the human trainee; update a state of the target system based upon the action performed by the target system and specified by the human trainee; collect, by the control and monitoring system, monitor information associated with the simulated attack against the target system by continuously monitoring the training scenario, wherein collecting the monitor information associated with the training scenario further comprises;
collecting information associated with the action performed by the target system and specified by the human trainee, andreceiving user input from the human trainee indicating a reason for performing the action; update a state of the attack system based upon the collected monitor information that is associated with the action performed by the target system and specified by the human trainee;
generate, by the attack system, dynamic response data according to the updated state of the attack system;
send the dynamic response data from the attack system to the target system to adapt the training scenario to the action performed by the target system and specified by the human trainee; and
generate, by the control and monitoring system, an automated evaluation of a performance of the human trainee, wherein the automated evaluation is based upon the collected monitor information that is associated with the action performed by the target system and specified by the human trainee during the simulated attack, and wherein generating the automated evaluation further comprises analyzing the user input to determine if the reason for performing the action is correct according to the training scenario.
-
-
7. A system comprising:
-
one or more processors; one or more non-transitory computer-readable storage media comprising instructions that are executable by the one or more processors; an attack system stored on the one or more non-transitory computer-readable storage media and executable by the one or more processors, wherein the attack system comprises one or more virtual machines; a target system stored on the one or more non-transitory computer-readable storage media and executable by the one or more processors, wherein the target system comprises one or more virtual machines; and a control and monitoring system stored on the one or more non-transitory computer-readable storage media and executable by the one or more processors, wherein the control and monitoring system comprises one or more virtual machines, the control and monitoring system being configured to initiate, within a training environment, a training scenario that causes the attack system to engage in a simulated attack against the target system, and further configured to collect monitor information associated with the simulated attack by continuously monitoring the training scenario, the training environment being configured to monitor and respond to actions specified by a human trainee, the human trainee using the target system and participating in the training environment, wherein in response to the simulated attack against the target system, the target system is configured to perform an action that is specified by the human trainee, wherein the target system updates its state based upon the action performed by the target system and specified by the human trainee, wherein the collected monitor information comprises information associated with the action performed by the target system and specified by the human trainee, and further includes user input from the human trainee indicating a reason for performing the action, wherein the attack system is configured to update a state of the attack system based upon the collected monitor information that is associated with the action performed by the target system and specified by the human trainee, wherein the attack system is configured to generate dynamic response data according to the updated state of the attack system and to send the dynamic response data to the target system to adapt the training scenario to the action performed by the target system and specified by the human trainee, and wherein the control and monitoring system is configured to generate an automated evaluation of a performance of the human trainee, wherein the automated evaluation is based upon the collected monitor information that is associated with the action performed by the target system and specified by the human trainee during the simulated attack, and wherein generating the automated evaluation includes analyzing the user input to determine if the reason for performing the action is correct according to the training scenario. - View Dependent Claims (8, 9, 10, 11)
-
Specification