Publication

Pedagogical Aspects of Cyber Security Exercises
Cyber security exercises (CSE) are complex learning experiences aimed at developing expert knowledge and competence through simulation. In this paper we examine pedagogical issues relating to CSEs, from exercise design to training results and evaluation. In addition, we present a Deliberate Practice-oriented view on expert and competence development for CSEs. We use data gathered

Requirements for Training and Evaluation Dataset of Network and Host Intrusion Detection System
In the cyber domain, situational awareness of the critical assets is extremely important. For achieving comprehensive situational awareness, accurate sensor information is required. An important branch of sensors are Intrusion Detection Systems (IDS), especially anomaly based intrusion detection systems applying artificial intelligence or machine learning for anomaly detection. This millennium has seen the transformation of

Anomaly-Based Network Intrusion Detection Using Wavelets and Adversarial Autoencoders
The number of intrusions and attacks against data networks and networked systems increases constantly, while encryption has made it more difficult to inspect network traffic and classify it as malicious. In this paper, an anomaly-based intrusion detection system using Haar wavelet transforms in combination with an adversarial autoencoder was developed for detecting malicious TLS-encrypted Internet traffic.

Blue Team Communication and Reporting for Enhancing Situational Awareness from White Team Perspective in Cyber Security Exercises
Cyber security exercises allow individuals and organisations to train and test their skills in complex cyber attack situations. In order to effectively organise and conduct such an exercise, the exercise control team must have accurate situational awareness of the exercise teams. In this paper, the communication patterns collected during a large-scale cyber exercise, and their possible

On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks
Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate requests from legitimately connected network machines which makes these attacks undetectable for signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections

Architecture for the Cyber Security Situational Awareness System
Networked software systems have a remarkable and critical role in the modern society. There are critical software systems in every business area. At the same time, the amount of cyber-attacks against those critical networked software systems has increased in large measures. Because of that, the cyber security situational awareness of the own assets plays an

Increasing Web Service Availability by Detecting Application-Layer DDoS Attacks in Encrypted Traffic
Nowadays, zero-day Denial-of-Service (DoS) attacks become frighteningly common in high-speed networks due to constantly increasing number of vulnerabilities. Moreover, these attacks become more sophisticated, and, therefore, they are hard to detect before they damage several networks and hosts. Due to these reasons, real-time monitoring, processing and network anomaly detection must be among key features of

Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol
Denial of Service attacks remain one of the most serious threats to the Internet nowadays. In this study, we propose an algorithm for detection of Denial of Service attacks that utilize SSL/TLS protocol. These protocols encrypt the data of network connections on the application layer which makes it impossible to detect attackers' activity based on