The current COVID-19 pandemic has brought many changes to the IT systems and services of institutions, which has also heightened concerns about a potential increase in intrusion incidents, especially now that most institutional work is performed from home. Pre-training against intrusion incidents has therefore become essential. Unfortunately, the learning methods in existing studies are insufficient for the present demand because they were originally designed for environments tailored to learners rather than for actual environments. This paper proposes a training system, namely, computer emergency response team (CERT), that can be specifically designed for learners in an institution and provides intrusion-incident cases through a Web-based training system. CERT can easily replicate a service or system of an institution in a honeypot environment to automatically collect intrusion incidents and classify them using diverse evaluation criteria, so that learning can be achieved from different perspectives. Hence, the service and system that the institution operates can easily be replicated. Artifacts of intrusion incidents are collected using Docker container technology and an event-recordable container, and are analyzed using a Web browser without installing a separate program. Thus, optimal learning results from the analysis of actual attacks are expected.
CITATION STYLE
Kim, N., Yang, C., Cho, D., Geum, S. H., & Park, K. W. (2020). CERT Training Platform over the Event-Recordable Container. In ACM International Conference Proceeding Series. Association for Computing Machinery. https://doi.org/10.1145/3440943.3444738