WO2017126041A1 - Dispositif de formation, procédé de formation, et programme de formation - Google Patents

Dispositif de formation, procédé de formation, et programme de formation Download PDF

Info

Publication number
WO2017126041A1
WO2017126041A1 PCT/JP2016/051505 JP2016051505W WO2017126041A1 WO 2017126041 A1 WO2017126041 A1 WO 2017126041A1 JP 2016051505 W JP2016051505 W JP 2016051505W WO 2017126041 A1 WO2017126041 A1 WO 2017126041A1
Authority
WO
WIPO (PCT)
Prior art keywords
attack
information
scenario
training
function
Prior art date
Application number
PCT/JP2016/051505
Other languages
English (en)
Japanese (ja)
Inventor
健志 浅井
河内 清人
知孝 祢宜
泉 幸雄
Original Assignee
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 三菱電機株式会社 filed Critical 三菱電機株式会社
Priority to JP2017562203A priority Critical patent/JP6361837B2/ja
Priority to PCT/JP2016/051505 priority patent/WO2017126041A1/fr
Priority to TW105105827A priority patent/TW201727596A/zh
Publication of WO2017126041A1 publication Critical patent/WO2017126041A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services

Definitions

  • the present invention relates to a training apparatus that trains an operator engaged in a plant or factory so that the operator can take an appropriate response when an accident or abnormal situation occurs.
  • Patent Document 1 a user (training instructor) is a simulation that adjusts the difficulty level of training by changing the number of terminals of the system to be trained and its IP address. An apparatus is disclosed.
  • the present invention has been made to solve the above-described problems, and an object thereof is to provide a general-purpose training apparatus that can automatically generate the same training scenario for a plurality of systems having different system configurations.
  • the training apparatus of the present invention includes an information storage unit that stores functional information indicating the function of the device and attack classification information indicating the classification of the execution step of the cyber attack, and a training target system.
  • System configuration information indicating the information of the device to be configured is input, and the function information of the basic attack scenario including the execution step in which the function information and the attack classification information are associated is rewritten to the device of the system configuration information corresponding to this function information.
  • a scenario generation unit that generates an individual attack scenario that is an individual attack scenario that matches the system configuration information of the training target system.
  • the system configuration information of the training target system is input, and the basic attack scenario expressed by the device function and a series of attack steps is rewritten so as to match the system configuration information.
  • FIG. 2 is a diagram illustrating an example of a hardware configuration of a training device 1 according to Embodiment 1.
  • FIG. 3 is a flowchart showing a flow of operations of the training apparatus 1 according to the first embodiment. It is a figure which shows an example of the training object system used in Embodiment 1.
  • FIG. It is a figure which shows an example of the system configuration information. It is a figure which shows an example of the function information. It is a figure which shows an example of the system configuration information. It is a figure which shows an example of the attack classification information 7.
  • FIG. It is a figure which shows an example of basic attack scenario information.
  • FIG. 4 is a flowchart (part 1) showing a flow of operations of a scenario generation unit 5; 6 is a flowchart (part 2) illustrating the flow of operations of the scenario generation unit 5; 6 is a flowchart (part 3) illustrating a flow of operations of the scenario generation unit 5; 10 is a flowchart (part 4) showing a flow of operations of the scenario generation unit 5; It is a figure which shows an example of the premise step determination information 9. FIG. It is a figure which shows an example of individual attack scenario information.
  • FIG. 1 is a diagram illustrating a configuration example of the training apparatus 1 according to the first embodiment.
  • the training apparatus 1 includes a system configuration input unit 2, a scenario input unit 3, an information storage unit 4, and a scenario generation unit 5.
  • the system configuration input unit 2 displays a list of functional information 6 stored in the information storage unit 4 to a user (teacher) or a training device developer (hereinafter collectively referred to as a user). This is an input interface for inputting system configuration information such as a device name and network name existing in the system in association with the displayed function information 6.
  • the scenario input unit 3 displays the function information 6, the attack classification information 7, and the scenario template 8 stored in the information storage unit 4 to the user, and is a basic attack scenario that the user wants the trainer to train. This is an input interface for inputting attack scenario information.
  • the information storage unit 4 is a memory for storing function information 6, attack classification information 7, scenario template 8, and premise step determination information 9.
  • the scenario generation unit 5 uses the system configuration information input by the system configuration input unit 2, the basic attack scenario information input by the scenario input unit 3, and the premise step determination information 9 stored in the information storage unit 4. To generate individual attack scenarios for individual system configurations.
  • the scenario generation unit 5 includes a determination unit 10, a complement unit 11, and an output unit 12.
  • FIG. 2 is a diagram illustrating an example of a hardware configuration of the training apparatus 1 according to the first embodiment.
  • the training device 1 is a computer, and each component of the training device 1 can be realized by a program.
  • a processor 20 As a hardware configuration of the training apparatus 1, a processor 20, an external storage memory 21, a main storage memory 22, an input interface 23, and an output interface 24 are connected to the bus.
  • the processor 20 is connected to other hardware via a bus and controls these other hardware.
  • the processor 20 is an IC (Integrated Circuit) that performs processing.
  • the processor 20 is a CPU (Central Processing Unit) that executes a program.
  • CPU Central Processing Unit
  • the external storage memory 21 is, for example, a ROM (Read Only Memory), a flash memory, a hard disk device, or the like.
  • the main memory 22 is, for example, a RAM (Random Access Memory).
  • the information storage unit 4 is realized by the external storage memory 21 or the main storage memory 22. Alternatively, the information storage unit 4 may be realized by both the external storage memory 21 or the main storage memory 22.
  • the input interface 23 is a port connected to input devices such as a mouse, a keyboard, and a touch panel. Specifically, the input interface 23 is a USB (Universal Serial Bus) terminal, for example. The input interface 23 may be a port connected to a LAN (Local Area Network).
  • LAN Local Area Network
  • the output interface 24 is a port to which a cable of an output device such as a display is connected.
  • the output interface is, for example, a USB terminal.
  • the display is an LCD (Liquid Crystal Display).
  • the program is normally stored in the external storage memory 21, and is loaded into the main storage memory 22 and sequentially read into the processor 20 and executed.
  • This program is a program that realizes the functions described as the system configuration input unit 2, the scenario input unit 3, the information storage unit 4, and the scenario generation unit 5 that constitute the training apparatus 1.
  • an operating system is also stored in the external storage memory 21, and at least a part of the OS is loaded into the main storage memory 22, and the processor 20 executes the above program while executing the OS.
  • information and data stored in the information storage unit 4 and information, data, signal values, and variable values indicating processing results of the system configuration input unit 2, the scenario input unit 3, and the scenario generation unit 5 are stored in the main memory 22. Stored as a file.
  • the hardware configuration of the training apparatus 1 is not limited to the configuration illustrated in FIG. 2 and may be other configurations. Good.
  • FIG. 3 is a flowchart showing a flow of operation of the training apparatus 1 according to the first embodiment.
  • step S001 the user inputs system configuration information, which is information related to the configuration of a system to be trained, using the system configuration input unit 2.
  • FIG. 4 is a diagram illustrating an example of a training target system used in the first embodiment.
  • the training target system includes a network 1 and a network 2.
  • the operating device 1 (30) and the operating device 2 (31) are connected to the network 1, and the operating device 2 (31), the controller 32, the control target device 1 (33), and the control target device 2 ( 34) is connected.
  • the user inputs a device name existing in the training target system through the system configuration input unit 2.
  • the training apparatus 1 displays a list of functions of the function information 6 stored in advance in the information storage unit 4 for each input device name, and associates the device name with the function to the user. Be able to do it.
  • the training apparatus 1 outputs the system configuration information 1 in which the device name and the function are associated with each other.
  • FIG. 5 is a diagram illustrating an example of the system configuration information 1.
  • the system configuration information 1 includes a device name input by the user and a function selected by the user.
  • FIG. 6 is a diagram illustrating an example of the function information 6.
  • the function information 6 includes a function stored in advance in the information storage unit 4 and a description thereof.
  • the explanation of the function is information for performing input support for the user, and therefore may not be necessary.
  • the training device 1 displays the device name input by the user for the input network name, and allows the user to associate the network name with the device name connected to the network. As a result, the training apparatus 1 outputs system configuration information 2.
  • FIG. 7 is a diagram illustrating an example of the system configuration information 2.
  • the system configuration information 2 includes a network name (in the figure, “network” is indicated by “NW”), connected devices 1 to connected devices 4.
  • step S002 the user uses the scenario input unit 3 to create a basic attack scenario, which is a content that the trainer wants to train, by specifying a series of attack steps.
  • the training device 1 displays the attack classification information 7 obtained by dividing the attack scenario in units of attack classification, and the function information 6 serving as the attack source and the attack target, and can associate the attack classification with the device name to the user. Like that.
  • the attack classification information 7 is information stored in advance in the information storage unit 4.
  • the user designates an attack step in which the characteristics of the basic attack scenario that the trainer wants to train are markedly displayed from a series of attack steps.
  • the attack step specified here is an attack step that is always set when creating an individual attack scenario according to the system configuration of each training target system.
  • this attack step is called an essential step.
  • the training device 1 outputs basic attack scenario information.
  • FIG. 8 is a diagram illustrating an example of the attack classification information 7.
  • the attack classification information 7 includes an attack classification.
  • FIG. 9 is a diagram illustrating an example of basic attack scenario information.
  • basic attack scenario information includes attack step numbers. , Attack classification, attack source (function), attack target (function), and information indicating whether it is essential.
  • the basic attack scenario information is created from scratch, but the basic attack scenario information generated in the past is stored as a template in the scenario template 8 of the information storage unit 4, and this step (S002) It may be loaded at the time of execution.
  • the user may be able to appropriately specify information indicating the attack classification, attack source, attack target, and necessity.
  • step S003 the scenario generation unit 5 generates an individual attack scenario according to the system configuration input by the user. A detailed processing flow of step S003 will be described later.
  • step S004 the scenario generation unit 5 outputs the generated individual attack scenario and ends the process.
  • FIG. 10 is a flowchart (part 1) illustrating the flow of operations of the scenario generation unit 5.
  • FIG. 11 is a flowchart (part 2) of the operation flow of the scenario generation unit 5.
  • FIG. 12 is a flowchart (part 3) illustrating the flow of the operation of the scenario generation unit 5.
  • FIG. 13 is a flowchart (part 4) of the operation flow of the scenario generation unit 5.
  • step S101 the determination unit 10 of the scenario generation unit 5 determines whether or not the function required in the essential step exists in the system.
  • the determination unit 10 refers to the basic attack scenario information, confirms the function required when executing the essential step, and determines whether a device corresponding to the function is registered in the system configuration information 1.
  • step S101 the process proceeds to step S102. If it is determined in step S101 that it does not exist, the process proceeds to step S106, and an individual attack scenario for training cannot be generated, and the process ends.
  • step S102 the determination unit 10 of the scenario generation unit 5 determines whether the function required when executing the essential step is singular or plural. For example, the attack step no. In 1, the required function is singular, and in other attack steps, there are multiple functions. If the required function is singular, the process proceeds to step S104. If there are a plurality of necessary functions, the process proceeds to step S103.
  • step S103 the determination unit 10 of the scenario generation unit 5 determines whether or not a plurality of functions necessary for executing the essential steps are connected to each other. This process is determined by associating the functions of the system configuration information 1 with the names of devices connected to each other in the system configuration information 2. If it is connected, the process proceeds to step S104. When not connected, it progresses to step S106, and the process is complete
  • step S104 the determination unit 10 of the scenario generation unit 5 determines a step that is a prerequisite when executing the essential step.
  • premise step determination information 9 is used.
  • FIG. 14 is a diagram illustrating an example of the premise step determination information 9.
  • the prerequisite step determination information 9 is obtained by associating the attack classification of the essential step with the attack classification necessary for the prerequisite step.
  • the essential step is unauthorized communication from EWS, it can be seen from FIG. 14 that infection to EWS is necessary as a premise.
  • the process proceeds to step S105.
  • step S105 the determination unit 10 of the scenario generation unit 5 determines whether a step corresponding to the precondition determined in step S104 exists in the basic attack scenario information.
  • the attack step No. Since there is an infection from HMI to EWS in No. 3, it is determined in step S105 that it exists, and the process proceeds to step S107.
  • a step that is a premise of an essential step in the attack steps described in the basic attack scenario information is referred to as a premise step.
  • a step that is neither an essential step nor a prerequisite step is called an optional step. If it is determined in step S105 that it does not exist, the process proceeds to step S106, and an individual attack scenario for training cannot be generated, and the process ends.
  • step S107 the determination unit 10 of the scenario generation unit 5 determines whether or not a function necessary for executing the premise step exists in the system. Since the determination method is the same as step S101 in the case of the essential step, the description is omitted. If it is determined in step S107 that it exists, the process proceeds to step S108. If it is determined in step S107 that it does not exist, the process proceeds to step S112 or step S113.
  • step S108 the determination unit 10 of the scenario generation unit 5 determines whether the function necessary for executing the premise step is singular or plural. If the required function is singular, the process proceeds to step S110. If there are a plurality of necessary functions, the process proceeds to step S109.
  • step S109 the determination unit 10 of the scenario generation unit 5 determines whether or not the functions necessary for executing the premise step are connected to each other. Since the determination method is the same as step S103, the description is omitted. If it is connected in step S109, the process proceeds to step S110. If not connected in step S109, the process proceeds to step S114 or step S115.
  • attack step No. which is a premise step, is performed. 3 is infection from HMI to EWS. Since the system configuration information 2 indicates that the operation terminal 2 and the controller are connected, the process proceeds to step S110.
  • step S110 the determination unit 10 of the scenario generation unit 5 registers the function of the essential step and the prerequisite step in the individual attack scenario by changing the device name input by the user.
  • the essential steps and the prerequisite steps are in a state that can be executed in the training target system. Therefore, in step S110, the device name input by the user is assigned to the function required in the essential step and the prerequisite step, and is registered in the individual attack scenario, and the process proceeds to step S111.
  • attack step No. which is an essential step. 4 is the controller
  • the attack target is the control target device 1
  • the operation terminal 2 is set as the attack source 3 and the controller is set as the attack target and registered.
  • step S111 the determination unit 10 of the scenario generation unit 5 determines whether the determination in step S101 has been performed for all the essential steps set in the basic attack scenario information. When it determines, it progresses to step S116, and when not determining, it progresses to step S101.
  • step S112 and step S113 the complementing unit 11 of the scenario generation unit 5 performs processing in the case where the function required in the premise step does not exist in the system in step S107.
  • the function that becomes the attack source in the premise step exists in step S112 and step S113. This is the case.
  • the premise step is required to make the attack as a result, that is, the attack target. Therefore, the content of the step is changed so that the same result as the result of the premise step is obtained from the system configuration information 1, the system configuration information 2, and the attack classification information 7.
  • the premise step is infection from HMI to EWS, and there is no HMI.
  • the process proceeds from step S107 to step S112, and the content of the step is changed so that EWS is directly infected in step S112.
  • means for direct infection For example, there are infection via a USB memory, infection by opening a mail attached file, infection by downloading a file containing malware from a website, and the like.
  • a premise step is created by randomly selecting from these.
  • Step S113 is processing when the attack classification is internal investigation.
  • the complementing unit 11 of the scenario generation unit 5 performs a step of performing an internal investigation from a function connected to the EWS, and further adds a step of infecting the function.
  • Requirement steps can be executed by changing the contents of the prerequisite steps as described above.
  • operation of training device 1 is not restricted to this, and other attacks may be performed.
  • step S114 and step S115 the complementing unit 11 of the scenario generation unit 5 performs processing when the system has the functions necessary for the premise step in step S107 but they are not connected to each other. Do.
  • step S114 the complementing unit 11 of the scenario generating unit 5 assumes secondary infection via a function connected to the target function. If the function does not exist, it is directly infected.
  • the complement unit 11 extracts the premise step from the basic attack scenario information.
  • the complementing unit 11 selects a device having the attack target function of the premise step from the system configuration information 1, is interconnected with this from the system configuration information 2, and also interacts with the attack source function of the premise step.
  • an intermediate device it is a step of performing secondary infection via the intermediate device. Specifically, it is assumed that the infection progresses in the order of the attack source of the premise step ⁇ the intermediate device ⁇ the attack target of the premise step. If there is no intermediate device, that is, if the path connecting the attack source of the premise step and the attack target of the premise step cannot be connected through any path, the step of directly infecting the attack target is performed as in step S112 And
  • Step S115 is processing when the attack classification is internal investigation. As in step S114, once the intermediate device is once infected, an internal investigation is performed from the intermediate device.
  • step S114 and step S115 as in the case of step S112 and step S113, examples of infection and internal investigation are given as attack categories.
  • the operation of the training apparatus 1 is not limited to this, and other attacks are performed. Also good.
  • step S116 and subsequent steps processing for registering or deleting the optional step in the individual attack step is performed.
  • the training device 1 refers to the basic attack scenario information and determines the attack step number. Judgment is made in the order of the option step with the smallest. When the contents of the premise step are changed in order to execute the essential step, it is necessary to match with the optional step.
  • step S116 the complement unit 11 of the scenario generation unit 5 selects the option that is the current determination target. It is determined whether the function required when executing the step includes the same function as that required when executing the prerequisite step. When the same thing is included, it progresses to step S117, and when it does not include the same thing, it progresses to step S126.
  • step S117 the complementing unit 11 of the scenario generating unit 5 determines whether or not the content of the step has been changed when determining the prerequisite step.
  • the attack step No. of the original basic attack scenario information In the case of infection from HMI 3 to EWS, HMI was registered as operation terminal 2 and EWS as a controller as it was. Therefore, the content of the premise step is not changed and the process proceeds to step S122. If the contents of the prerequisite step are changed, the process proceeds to step S118.
  • step S118 the complement unit 11 of the scenario generation unit 5 deletes the optional step in which the content of the prerequisite step is changed.
  • the reason for this is that if the prerequisite step is changed by matching the required step and the prerequisite step, the scenario is completed as an attack scenario, so that an inconsistency occurs if the optional step is left.
  • step S119 the complementing unit 11 of the scenario generation unit 5 determines whether all the optional steps set in the basic attack scenario information have been determined in step S116. When it determines, it progresses to step S120. If not, the process proceeds to step S121, and the next optional step is determined.
  • step S120 the output unit 12 of the scenario generation unit 5 outputs the registered individual attack scenario and ends the process.
  • step S120 corresponds to step S004.
  • FIG. 15 is a diagram illustrating an example of individual attack scenario information.
  • the individual attack scenario information includes an attack step No. , Attack classification, attack source (device name), attack target (device name).
  • step S122 is a step when it is determined in step S117 that the contents of the prerequisite step have not been changed. If there is no change, the basic attack scenario information input by the user has both a case where the basic attack scenario information can be executed without change and a case where the information cannot be changed.
  • step S122 it is determined whether a function that is necessary when executing the determination target option step and that is not the same as the function required in the premise step exists in the system. In the example of the first embodiment, the OA-PC corresponds to its function and does not exist in the system. If not, the process proceeds to step S129 or step S130. When it exists, it progresses to step S123.
  • step S123 the complementing unit 11 of the scenario generation unit 5 determines whether the function required in the premise step and the function required in the optional step are connected to each other. If it is connected, the process proceeds to step S124, and the device name input by the user is assigned and registered in the individual attack scenario. If not connected, the process proceeds to step S125, and the option step is deleted.
  • step S126 is a step when it is determined that the function required when executing the optional step to be determined in step S116 does not include the same function as that required when executing the prerequisite step. It is. In such a case, the prerequisite step can be executed regardless of whether or not the corresponding optional step is executed. Therefore, whether or not the function required for executing the optional step exists in the system is determined. Decide whether to register for individual attack scenarios. When it exists, it progresses to step S127. If it does not exist, the process proceeds to step S125, and the step is deleted.
  • step S127 the complementing unit 11 of the scenario generating unit 5 determines whether the function necessary for executing the optional step is singular or plural. Since the determination method is the same as step S102, the description is omitted. If it is singular, it is determined that it can be executed, and the process proceeds to step S124 where the device name input by the user is assigned and registered in the individual attack scenario. If there are more than one, the process proceeds to step S128.
  • step S128 the complementing unit 11 of the scenario generating unit 5 determines whether or not a plurality of functions necessary for executing the optional step are connected to each other. Since the determination method is the same as step S103, the description is omitted. If it is connected, it is determined that execution is possible, the process proceeds to step S124, and the device name input by the user is assigned and registered in the individual attack scenario. When not connected, it progresses to step S125 and deletes the said step.
  • Step S129 or Step S130 is processing when it is determined in Step S122 that the function required for the optional step does not exist in the system. Since the processing method is the same as step S112 and step S113, the description is omitted.
  • the system configuration information of the training target system is used as an input, and the basic attack scenario expressed by the device function and a series of attack steps is rewritten so as to match the system configuration information.
  • the same training scenario can be automatically generated for multiple systems with different system configurations, and the construction period and cost of training scenario development are reduced. The effect that it can be obtained.
  • 1 training device 2 system configuration input unit, 3 scenario input unit, 4 information storage unit, 5 scenario generation unit, 6 function information, 7 attack classification information, 8 scenario template, 9 prerequisite step determination information, 10 determination unit, 11 complement Unit, 12 output unit, 20 processor, 21 external storage memory, 22 main storage memory, 23 input interface, 24 output interface, 30 operating device 1, 31 operating device 2, 32 controller, 33 controlled device 1, 34 controlled device 2.

Landscapes

  • Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Health & Medical Sciences (AREA)
  • Economics (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

La présente invention concerne un dispositif de formation pour dispenser une formation à un opérateur qui est employé en tant que tel dans une installation ou une usine, de manière à permettre à l'opérateur de répondre de manière appropriée en cas d'accident ou d'urgence. L'invention concerne un dispositif de formation, comprenant une unité de mémorisation d'informations qui mémorise des informations de fonction qui indiquent une fonction d'un appareil et des informations de classification d'attaque qui indiquent une classification d'une étape d'exécution d'une cyber-attaque, et une unité de génération de scénario qui reçoit une entrée d'informations de configuration de système qui indique des informations d'un appareil qui configure un système pour lequel une formation doit être réalisée, qui écrase les informations de fonction d'un scénario d'attaque de base, qui comprend des étapes d'exécution dans lesquelles les informations de fonction et les informations de classification d'attaque sont associées les unes aux autres, à destination de l'appareil d'informations de configuration du système qui correspondent auxdites informations de fonction, et qui génère un scénario d'attaque spécifique qui est un scénario d'attaque spécifique au système sur lequel il convient de s'exercer, car il présente une correspondance avec les informations de configuration de système de ce système de formation pour lequel la formation doit être effectuée.
PCT/JP2016/051505 2016-01-20 2016-01-20 Dispositif de formation, procédé de formation, et programme de formation WO2017126041A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2017562203A JP6361837B2 (ja) 2016-01-20 2016-01-20 訓練装置、訓練方法、及び訓練プログラム
PCT/JP2016/051505 WO2017126041A1 (fr) 2016-01-20 2016-01-20 Dispositif de formation, procédé de formation, et programme de formation
TW105105827A TW201727596A (zh) 2016-01-20 2016-02-26 訓練裝置、訓練方法以及訓練程式

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2016/051505 WO2017126041A1 (fr) 2016-01-20 2016-01-20 Dispositif de formation, procédé de formation, et programme de formation

Publications (1)

Publication Number Publication Date
WO2017126041A1 true WO2017126041A1 (fr) 2017-07-27

Family

ID=59362610

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/051505 WO2017126041A1 (fr) 2016-01-20 2016-01-20 Dispositif de formation, procédé de formation, et programme de formation

Country Status (3)

Country Link
JP (1) JP6361837B2 (fr)
TW (1) TW201727596A (fr)
WO (1) WO2017126041A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019043411A (ja) * 2017-09-04 2019-03-22 株式会社日立製作所 列車用訓練システムおよびその制御方法
JP2020017065A (ja) * 2018-07-25 2020-01-30 株式会社日立製作所 車両不正アクセス対策装置、及び車両不正アクセス対策方法
JPWO2020255359A1 (fr) * 2019-06-20 2020-12-24
WO2021038612A1 (fr) * 2019-08-23 2021-03-04 Nec Corporation Appareil d'évaluation de sécurité, procédé d'évaluation de sécurité, et support lisible par ordinateur non transitoire
EP3958152A1 (fr) 2020-08-17 2022-02-23 Hitachi, Ltd. Dispositif de simulation de scénario d'attaque, système de génération de scénario d'attaque et procédé de génération de scénario d'attaque
US11507660B2 (en) 2020-01-30 2022-11-22 Fujitsu Limited Information processing apparatus, non-transitory computer-readable storage medium, and cyber exercise control method
US11956271B2 (en) 2018-11-21 2024-04-09 Mitsubishi Electric Corporation Scenario generation device, scenario generation method, and computer readable medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003108521A (ja) * 2001-09-29 2003-04-11 Toshiba Corp 脆弱性評価プログラム、方法及びシステム
JP2007279868A (ja) * 2006-04-04 2007-10-25 Hitachi Electronics Service Co Ltd Mspサービス用過去事例提供システム及びmspサービス用過去事例提供方法
WO2015029464A1 (fr) * 2013-08-29 2015-03-05 三菱電機株式会社 Dispositif de simulation, dispositif de génération d'informations, procédé de simulation, programme de simulation, système de création d'environnement, procédé de création d'environnement, et programme
JP2015231138A (ja) * 2014-06-05 2015-12-21 日本電信電話株式会社 サイバー攻撃演習システム、演習環境提供方法、および、演習環境提供プログラム

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015072041A1 (fr) * 2013-11-18 2015-05-21 株式会社日立製作所 Système d'apprentissage de mesures de sécurité et procédé d'apprentissage de mesures de sécurité

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003108521A (ja) * 2001-09-29 2003-04-11 Toshiba Corp 脆弱性評価プログラム、方法及びシステム
JP2007279868A (ja) * 2006-04-04 2007-10-25 Hitachi Electronics Service Co Ltd Mspサービス用過去事例提供システム及びmspサービス用過去事例提供方法
WO2015029464A1 (fr) * 2013-08-29 2015-03-05 三菱電機株式会社 Dispositif de simulation, dispositif de génération d'informations, procédé de simulation, programme de simulation, système de création d'environnement, procédé de création d'environnement, et programme
JP2015231138A (ja) * 2014-06-05 2015-12-21 日本電信電話株式会社 サイバー攻撃演習システム、演習環境提供方法、および、演習環境提供プログラム

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019043411A (ja) * 2017-09-04 2019-03-22 株式会社日立製作所 列車用訓練システムおよびその制御方法
JP7011911B2 (ja) 2017-09-04 2022-01-27 株式会社日立製作所 列車用訓練システムおよびその制御方法
JP7000271B2 (ja) 2018-07-25 2022-01-19 株式会社日立製作所 車両不正アクセス対策装置、及び車両不正アクセス対策方法
JP2020017065A (ja) * 2018-07-25 2020-01-30 株式会社日立製作所 車両不正アクセス対策装置、及び車両不正アクセス対策方法
US11956271B2 (en) 2018-11-21 2024-04-09 Mitsubishi Electric Corporation Scenario generation device, scenario generation method, and computer readable medium
WO2020255359A1 (fr) * 2019-06-20 2020-12-24 日本電気株式会社 Dispositif d'aide à la formation en matière de sécurité, procédé d'aide à la formation en matière de sécurité et support d'enregistrement lisible par ordinateur
JP7238987B2 (ja) 2019-06-20 2023-03-14 日本電気株式会社 セキュリティ訓練支援装置、セキュリティ訓練支援方法、及びプログラム
JPWO2020255359A1 (fr) * 2019-06-20 2020-12-24
WO2021038612A1 (fr) * 2019-08-23 2021-03-04 Nec Corporation Appareil d'évaluation de sécurité, procédé d'évaluation de sécurité, et support lisible par ordinateur non transitoire
JP2022543424A (ja) * 2019-08-23 2022-10-12 日本電気株式会社 セキュリティアセスメント装置、セキュリティアセスメント方法、プログラム
JP7318798B2 (ja) 2019-08-23 2023-08-01 日本電気株式会社 セキュリティアセスメント装置、セキュリティアセスメント方法、プログラム
US11507660B2 (en) 2020-01-30 2022-11-22 Fujitsu Limited Information processing apparatus, non-transitory computer-readable storage medium, and cyber exercise control method
JP7409116B2 (ja) 2020-01-30 2024-01-09 富士通株式会社 プログラム,情報処理装置およびサイバー演習制御方法
EP3958152A1 (fr) 2020-08-17 2022-02-23 Hitachi, Ltd. Dispositif de simulation de scénario d'attaque, système de génération de scénario d'attaque et procédé de génération de scénario d'attaque
US11765196B2 (en) 2020-08-17 2023-09-19 Hitachi, Ltd. Attack scenario simulation device, attack scenario generation system, and attack scenario generation method

Also Published As

Publication number Publication date
TW201727596A (zh) 2017-08-01
JP6361837B2 (ja) 2018-07-25
JPWO2017126041A1 (ja) 2018-03-15

Similar Documents

Publication Publication Date Title
JP6361837B2 (ja) 訓練装置、訓練方法、及び訓練プログラム
US9372785B2 (en) Identifying implicit assumptions associated with a software product
Smeenk et al. Applying automata learning to embedded control software
JP7115526B2 (ja) 分析システム、方法、及び、プログラム
JP6551715B2 (ja) 拡張性保有装置
JP6614466B2 (ja) 能力付与データ生成装置
US20170091462A1 (en) Software development system in system development based on model-based method
CN114579427A (zh) 对软件系统进行模糊测试
GB2524737A (en) A system and method for testing a workflow
JP2017068825A (ja) ソフトウェア開発システムおよびプログラム
US20190172368A1 (en) Secure computer-implemented execution and evaluation of programming assignments for on demand courses
US11765196B2 (en) Attack scenario simulation device, attack scenario generation system, and attack scenario generation method
CN109558207A (zh) 在虚拟机中形成用于进行文件的防病毒扫描的日志的系统和方法
JP2020013571A (ja) アプリケーション更新方法、アプリケーション更新装置、電子機器およびコンピュータ読み取り可能な記憶媒体
Mahmoodi et al. Attack surface modeling and assessment for penetration testing of IoT system designs
CN114035827A (zh) 应用程序更新方法、装置、设备及存储介质
JP6634055B2 (ja) ユーザによるアプリケーションの不公平な評価を防止するシステム及び方法
Kozák et al. Creating valid adversarial examples of malware
CN110928536A (zh) 一种图形化编程作品在线评测装置、系统及方法
JP5758311B2 (ja) テストコード生成装置、テストコード生成方法、テストコード生成プログラム
Fuertes et al. Software-based platform for education and training of DDoS attacks using virtual networks
JPWO2021059471A5 (ja) セキュリティリスク分析支援装置、方法、及びプログラム
JP2007156822A (ja) 計算機システムの模擬アプリケーション試験装置
JP2020030490A (ja) モデル検査用スクリプト変換プログラム、モデル検査プログラム、モデル検査用スクリプト変換装置及びモデル検査装置
JP7438919B2 (ja) 情報処理装置、情報処理方法およびプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16886283

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2017562203

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16886283

Country of ref document: EP

Kind code of ref document: A1