Analysis of a Cyber Defense Exercise using Exploratory Sequential Data Analysis

摘要

Baltic Cyber Shield 2010 (BCS), a multi-national civil-military cyber defense exercise (CDX), aimed to improve the capability of performing a CDX and investigate how IT attacks and defense of critical infrastructure can be studied. The exercise resulted in a massive dataset to be analyzed and many lessons learned in planning and executing a large-scale multi-national CDX. A reconstruction & exploration (R&E) approach was used to capture incidents such as attacks and defensive countermeasures during the exercise. This paper introduces the usage of R&E combined with exploratory sequential data analysis (ESDA) and discusses benefits and limitations of using these methods for analyzing multi-national cyber defense exercises. Using ESDA we were able to generate statistical data on attacks from BCS, such as number of reported attacks by the attackers and the defenders on different type of services. Initial results from these explorations will be analyzed and discussed.