Adaptive Cyber-Security Testbed

Motivation

Intelligent and autonomous security solutions require a secure environment in which they can be evaluated. We use the Autonomous Cybersecurity Testbed to evaluate security applications, study the behavior of network applications and analyze malware. We rely on a combination of real hardware, containers and virtualization technologies. The testbed is continuously extended and updated as part of ongoing and planned research projects.

Goals

For research and teaching at CC SEC and in projects of AC Cyber & Public Security, it is indispensable to be able to create reproducible and verifiable test environments and experiments. The Autonomous Cybersecurity Testbed provides both the hardware and the tools to make this possible. The creation and maintenance of test environments, as well as the execution of experiments, rely heavily on Infrastructure as Code (IaC) approaches. For experiments in research projects, a mixed environment of workstations, network equipment, a server cluster for virtualization, a high-performance computing solution and a data storage server is available. Furthermore, the testbed contains a series of Raspberry Pis, which can also be used for teaching tasks at CC SEC.

Technology

The following technologies are used in the testbed to define and execute experiments and to collect their data:

  • vSphere
  • Docker
  • Kubernetes
  • Packer
  • Terraform
  • Ansible
  • ELK stack

Furthermore, the testbed includes various network monitoring and security solutions, such as:

  • OpenVAS
  • Security Onion
  • Suricata
  • Checkmk