Publication Type : Conference Paper
Thematic Areas : Learning-Technologies, Amrita Center for Cybersecurity Systems and Networks
Publisher : International Conference for Convergence of Technology (I2CT)
Source : International Conference for Convergence of Technology (I2CT) (2014)
Url : http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7092098
Keywords : Analytic hierarchy process, capture the flag security evaluation, Computer crime, CTF, ethical hacking competitions, Framework, Hacking, Software engineering, software vulnerabilities, Training, Uniform resource locators, Vulnerability .
Campus : Amritapuri, Coimbatore
School : School of Business, Centre for Cybersecurity Systems and Networks, School of Engineering
Center : Technologies & Education (AmritaCREATE), Amrita Center For Research in Analytics, Cyber Security
Department : cyber Security
Year : 2014
Abstract : A large number of ethical hacking competitions are organized worldwide as Capture The Flag (CTF) events. But there does not exist a framework to evaluate and rank CTFs that will guide participants as to which CTF's to participate. In a CTF event, the participants are required to either solve a set of challenges to gain points or they are required to defend their system by eliminating the vulnerabilities while attacking other's system vulnerabilities. We are proposing a framework that would evaluate and rank CTFs according to factors like similarity of the tasks to the common critical vulnerabilities, solvability of tasks, periodicity, training given prior to CTF, geographical reach, problem solving skills etc. In the next step these factors are systematically assigned weights using Analytic Hierarchy Process. As part of frame work creation and validation, ten CTFs have been analysed. Our analysis indicates that: All CTFs fall in to one of the three categories (jeopardy, attack-defence and mixed); CTFs often adopt popular software vulnerabilities and threats as tasks to be solved; Only few CTFs give formal training prior to the event; Complexity of the tasks to be solved varies from CTF to CTF. Five CTFs were ranked using the newly developed framework.
Cite this Research Publication : Raghu Raman, Sunny, S., Pavithran, V., and Dr. Krishnashree Achuthan, “Framework for evaluating Capture the Flag (CTF) security competitions”, in International Conference for Convergence of Technology (I2CT), 2014