A platform for Network Analysis: IT managers will improve their security skills through gaming

28. March 2022

If you want to protect yourself against cyberattacks, you must think like a hacker. The companies’ IT managers can prepare a better defence against cybercriminals by practicing on a new open platform.

If one day you forget your house keys and have locked yourself out, how will you get in? Is there a loose window frame somewhere, or is the lock weak and can be broken with a little ingenuity? In other words: How would a burglar get in?

This is exactly the mindset you need to have if you want to protect yourself against a cyberattack. Thus, the development of a new, free platform that can help you practice and prepare for such a scenario.

‘One of the biggest challenges in cybersecurity right now is the lack of skills, and here our platform can help increase the competency level in Danish companies,’ says Professor at Aalborg University Jens Myrup Pedersen, the project lead on the Cyberboost project ‘Platform for Network Analysis’, supported by Cyber Hub.

The project is finished and incorporated at Aalborg University since the research group has special knowledge of and experience with building virtual environments. The platform will continue to be developed as part of a Ph.D. project.

Red team – Blue team

The open-source platform automatically generates a virtual training environment, based on scenarios that eventually can be adapted to the needs of any company, with a single touch of a button. Thereupon, the game imitates the company’s systems, allowing IT security managers to practice defending the company.

In virtual, realistic environments, attackers, and defenders (red team and blue team) can fight against each other as they would in a computer game. In this project, partners have worked with game elements and divided the simulation into three parts.

In the first part, the players familiarise themselves with the scenario as red team and blue team, respectively. In the second part, the red team attacks connected devices in a predefined network scenario, while the blue team attempts to locate the red team. In the third and final part, both teams compare what the blue team has observed about the red team’s approach. Consequently, the two teams discuss, how the attacking team might have hidden its footprints better, as well as how the defending team might have discovered parts of the attack that they had missed.

Close development cooperation

The project partners – Aalborg University, Business Academy Aarhus, JN Data, EnergiCert, and Combitech – have worked closely together to ensure that companies’ needs are met.

Business Academy Aarhus has contributed with knowledge about technologies and helped ensure that what is developed is relevant and will be embedded in educational setups outside universities.

Companies representing the energy, finance, and security industry participated in the development of the project’s roadmap, providing ongoing testing and feedback, so the platform can be widely used in Danish companies.

The overriding motivation to help develop and test an open-source training platform is ‘to help wherever we can’, says Kenneth Jørgensen from EnergiCERT – a joint cyber unit of Danish Energy, Energinet, and the Danish District Heating Association:

‘We want to inspire young people who are interested in the field of cyber security and help promote education in cybersecurity’.

Available to everyone

The project has created a well-functioning platform under constant development aiming to deliver more specific environments and scenarios. Thereby, making it easier to create courses/scenarios targeted at specific companies and industries, e.g., by including specific virtual devices, including OT and IoT devices.

In the long term, the platform can also be used to study how specific malware spreads in networks and systems and thereby, assist with forensics tasks where one examines the digital fingerprints from hacking attacks.

The platform is open-source and is located on Github (https://github.com/aau-network-security/defatt). This means that it is available free of charge to all companies that want to use it and that companies or educational institutions may contribute to the further development of the general platform or develop their versions for more specific purposes.

The virtualisation platform does not require special equipment or physical frames. It is primarily targeted at IT professionals in companies. The scenarios may reflect different companies, regardless of their sizes but are primarily aimed at companies that have at least one person working technically with IT security.


Project title: Platform for Network Analysis

Project period: January 2021 – December 2021

Project partners: Aalborg University, BAAA (Business Academy Aarhus), JN Data, EnergiCert and Combitech

Financing (including support from Cyber Hub): DKK 917,500 (DKK 300,000)