Data on cyber attacks from security competitions

Research on cyber security suffers from the difficulties of obtaining reliable data on cyber-attacks and cyber security processes. In this project FOI will improve the realism of the data produced during FOI-hosted cyber security exercises, competitions and courses.

Within the field of cyber security there is a need for data related to cyber-attacks, and there are several reasons why such empirical data is lacking. Data related to security (e.g., incidents and security mechanisms used) is sensitive and often treated as confidential by organisations. Also, even if actual incident data became publicly available for a representative sample of organisations, it could be difficult to draw general conclusions from it. For example, if organisations reported their cyber security solutions and the incidents they have experienced, this data would probably be biased because of the incidents they have failed to detect (e.g., cases when confidential data is read by unauthorized persons). This naturally limits the availability of relevant data for research in the field.

FOI owns a computer cluster (CRATE) comprising over 400 servers, which is built to host practical exercises, competitions and courses in cyber security. Events of this type make it possible to construct experimental setups in a realistic environment, with real attacks, real attackers and real defenders. With the funds from VINNOVA, FOI will improve the realism of the data produced from FOI-hosted exercises, competitions and courses in cyber security. The project will address legal issues, the generation of background traffic through scripts emulating computer users, and the installation and tuning of an infrastructure for capturing logs of various kinds.


Teodor Sommestad

Senior Scientist