{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T20:59:15Z","timestamp":1777928355260,"version":"3.51.4"},"reference-count":47,"publisher":"MDPI AG","issue":"20","license":[{"start":{"date-parts":[[2021,10,13]],"date-time":"2021-10-13T00:00:00Z","timestamp":1634083200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Applied Sciences"],"abstract":"<jats:p>Prior experience from the authors has shown that a heavily theoretical approach for cybersecurity training has multiple shortcomings, mostly due to the demanding and diversified nature of the prerequisites, often involving concepts about operating system design, networking and computer architecture, among others. In such circumstances, the quest for trainee engagement often turns into a delicate balancing act between managing their expectations and providing an adequate progression path. In this perspective, hands-on exercises and contact with high-fidelity environments play a vital part in fostering interest and promoting a rewarding learning experience. Making this possible requires having the ability to design and deploy different use case training scenarios in a flexible way, tailored to the specific needs of classroom-based, blended or e-learning teaching models. This paper presents a flexible framework for the creation of laboratory and cyber range environments for training purposes, detailing the development, implementation and exploration of a cyber range scenario, within the scope of a course on cyber-physical systems security. Moreover, the course structure, curricular aspects and teaching methods are also detailed, as well as the feedback obtained from the students.<\/jats:p>","DOI":"10.3390\/app11209509","type":"journal-article","created":{"date-parts":[[2021,10,13]],"date-time":"2021-10-13T09:33:02Z","timestamp":1634117582000},"page":"9509","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Down the Rabbit Hole: Fostering Active Learning through Guided Exploration of a SCADA Cyber Range"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9278-6503","authenticated-orcid":false,"given":"Tiago","family":"Cruz","sequence":"first","affiliation":[{"name":"University of Coimbra, CISUC, DEI, 3030-290 Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5079-8327","authenticated-orcid":false,"given":"Paulo","family":"Sim\u00f5es","sequence":"additional","affiliation":[{"name":"University of Coimbra, CISUC, DEI, 3030-290 Coimbra, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2021,10,13]]},"reference":[{"key":"ref_1","unstructured":"Information Systems Audit and Control Association (ISACA) (2021, July 21). State of Cybersecurity. Available online: https:\/\/www.isaca.org\/go\/state-of-cybersecurity-2020."},{"key":"ref_2","unstructured":"National Institute of Standards and Technology (NIST) (2021, October 03). Cyber Ranges, Available online: https:\/\/www.nist.gov\/system\/files\/documents\/2018\/02\/13\/cyber_ranges.pdf."},{"key":"ref_3","unstructured":"European Cyber Security Organization (ECSO) (2021, October 03). Understanding Cyber Ranges: From Hype to Reality. Available online: https:\/\/www.ecs-org.eu\/documents\/uploads\/understanding-cyber-ranges-from-hype-to-reality.pdf."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Hallaq, B., Nicholson, A., Smith, R., Maglaras, L., Janicke, H., and Jones, K. (2018). CYRAN: A hybrid cyber range for testing security on ICS\/SCADA systems. Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications, IGI Global.","DOI":"10.4018\/978-1-5225-5634-3.ch033"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"e132","DOI":"10.1002\/itl2.132","article-title":"Teaching the process of building an Intrusion Detection System using data from a small-scale SCADA testbed","volume":"3","author":"Maglaras","year":"2020","journal-title":"Internet Technol. Lett."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Fraz\u00e3o, I., Abreu, P., Cruz, T., Ara\u00fajo, H., and Sim\u00f5es, P. (2018). Denial of Service Attacks: Detecting the Frailties of Machine Learning Algorithms in the Classification Process. International Conference on Critical Information Infrastructures Security, Springer.","DOI":"10.1007\/978-3-030-05849-4_19"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Trabelsi, Z., and Saleous, H. (2018, January 17\u201320). Teaching keylogging and network eavesdropping attacks: Student threat and school liability concerns. Proceedings of the IEEE Global Engineering Education Conference 2018, Santa Cruz de Tenerife, Spain.","DOI":"10.1109\/EDUCON.2018.8363263"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/TE.2015.2417512","article-title":"Teaching network security with IP darkspace data","volume":"59","author":"Zseby","year":"2015","journal-title":"IEEE Trans. Educ."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"34884","DOI":"10.1109\/ACCESS.2018.2850839","article-title":"A Flexible Laboratory Environment Supporting Honeypot Deployment for Teaching Real-World Cybersecurity Skills","volume":"6","author":"Eliot","year":"2018","journal-title":"IEEE Access"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1109\/TE.2010.2048215","article-title":"The design of NetSecLab: A small competition-based network security lab","volume":"54","author":"Lee","year":"2010","journal-title":"IEEE Trans. Educ."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Teixeira, M., Salman, T., Zolanvari, M., Jain, R., Meskin, N., and Samaka, M. (2018). SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach. Future Internet, 10.","DOI":"10.3390\/fi10080076"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"2236","DOI":"10.1109\/TII.2016.2599841","article-title":"A cybersecurity detection framework for supervisory control and data acquisition systems","volume":"12","author":"Cruz","year":"2016","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_13","unstructured":"JYVSECTEC (2021, July 21). Cyber-Range Overview. Available online: https:\/\/jyvsectec.fi\/cyber-range\/overview\/."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Mathur, A., and Tippenhauer, N. (2016, January 10\u201314). SWaT: Secure Water Treatment Testbed for Research and Training in the Design of Industrial Control Systems. Proceedings of the IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC 2016), Atlanta, GA, USA.","DOI":"10.1109\/CySWater.2016.7469060"},{"key":"ref_15","unstructured":"iTrust Centre for Research in Cyber Security (2021, July 21). iTrust Testbeds. Available online: https:\/\/itrust.sutd.edu.sg\/testbeds\/."},{"key":"ref_16","unstructured":"ENISA (2021, October 03). Priorities for EU Research: Analysis of the ECSO Strategic Research and Innovation Agenda (SRIA). Available online: https:\/\/www.enisa.europa.eu\/publications\/priorities-for-eu-research\/at_download\/fullReport."},{"key":"ref_17","unstructured":"ERIGrid Project (2021, July 21). ERIGrid Lab Access Calls. Available online: https:\/\/erigrid2.eu\/lab-access\/."},{"key":"ref_18","unstructured":"Vogel, S., Vetrivel, S., Nguyen, H., Stevic, M., Bhandia, R., Heussen, K., Palensky, P., and Monti, A. (2021, July 21). Geographically Distributed Real-Time Simulation and PHIL between TU Delft, DTU Ris\u00f8, Lyngby and RWTH Aachen. Available online: https:\/\/zenodo.org\/record\/3769631\/files\/13%20VILLAS4ERIGrid.pdf."},{"key":"ref_19","unstructured":"Stouffer, L., Lightman, S., Pillitteri, V., Abrams, M., Hahn, A., and NIST SP 800-82 Rev.2 Guide to Industrial Control Systems (ICS) Security (2021, July 21). Technical Report, Available online: https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-82\/rev-2\/fina."},{"key":"ref_20","unstructured":"WIZnet Co., Ltd. (2021, July 21). W5100 Datasheet. Available online: https:\/\/www.wiznet.io\/wp-content\/uploads\/wiznethome\/Chip\/W5100\/Document\/W5100_DS_V128E.pdf."},{"key":"ref_21","unstructured":"Modicon (2021, July 21). Modbus Protocol Reference Guide (PI\u2014MBUS\u2014300 Rev.J). Available online: https:\/\/www.modbus.org\/docs\/PI_MBUS_300.pdf."},{"key":"ref_22","unstructured":"ISA\/IEC (2017). ISA\/IEC-62443-1-1: Security for Industrial Automation and Control Systems\u2014Models and Concepts, ISA\/IEC."},{"key":"ref_23","unstructured":"Alves, T. (2021, July 21). OpenPLC\u2014The First Fully Open Source Programmable Logic Controller. Available online: https:\/\/www.openplcproject.com."},{"key":"ref_24","unstructured":"Rapid SCADA (2021, July 21). Rapid SCADA Project Homepage. Available online: https:\/\/rapidscada.org\/."},{"key":"ref_25","unstructured":"Offsec Services Ldt (2021, July 21). Kali Linux Project Homepage. Available online: https:\/\/www.kali.org\/."},{"key":"ref_26","unstructured":"Cisco Corp (2021, July 21). Cisco Learning Network\u2014SPAN, RSPAN, ERSPAN. Available online: https:\/\/learningnetwork.cisco.com\/s\/article\/span-rspan-erspan."},{"key":"ref_27","unstructured":"Linux Foundation (2021, July 21). Open vSwitch Project Homepage. Available online: https:\/\/www.openvswitch.org\/."},{"key":"ref_28","unstructured":"International Electrotechnical Commission (IEC) (2013). IEC 61131-3:2013 Programmable Controllers\u2014Part 3: Programming Languages, International Electrotechnical Commission (IEC)."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"42156","DOI":"10.1109\/ACCESS.2019.2906926","article-title":"A Comprehensive Security Analysis of a SCADA Protocol: From OSINT to Mitigation","volume":"7","author":"Rosa","year":"2019","journal-title":"IEEE Access"},{"key":"ref_30","unstructured":"(2021, July 21). Greenbone Networks GmbH, OpenVAS\u2014Open Vulnerability Assessment Scanner. Available online: https:\/\/www.openvas.org\/."},{"key":"ref_31","unstructured":"Iturbe, M. (2021, July 21). Scanning Industrial Networks. Available online: https:\/\/iturbe.info\/2014\/10\/scanning-industrial-networks\/."},{"key":"ref_32","unstructured":"The Tcpdump Team (2021, July 21). TCPDUMP\/LIBPCAP Public Repository. Available online: https:\/\/www.tcpdump.org\/."},{"key":"ref_33","unstructured":"Linux Kernel Organization (2021, July 21). Linux Kernel IP Systctl. Available online: https:\/\/www.kernel.org\/doc\/Documentation\/networking\/ip-sysctl.txt."},{"key":"ref_34","unstructured":"Hills, R. (2021, July 21). Arp-Scan Github Repository. Available online: https:\/\/github.com\/royhills\/arp-scan."},{"key":"ref_35","unstructured":"Lyon, G. (2021, July 21). Nmap: The Network Mapper\u2014Free Security Scanner. Available online: https:\/\/nmap.org\/."},{"key":"ref_36","unstructured":"Digital Bond (2021, July 21). Digital Bond ICS Enumeration Tools. Available online: https:\/\/github.com\/digitalbond\/Redpoint."},{"key":"ref_37","unstructured":"(2021, July 21). Smod Github Repository. Available online: https:\/\/github.com\/0x0mar\/smod."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Rosa, L., Cruz, T., Sim\u00f5es, P., Monteiro, E., and Lev, L. (2017, January 8\u201312). Attacking SCADA systems: A practical perspective. Proceedings of the IFIP\/IEEE International Symposium on Integrated Network Management 2017, Lisbon, Portugal.","DOI":"10.23919\/INM.2017.7987369"},{"key":"ref_39","unstructured":"Sanfilippo, S. (2021, July 21). hping3 Github Project Repository. Available online: https:\/\/github.com\/antirez\/hping."},{"key":"ref_40","unstructured":"Garcia, L., and Lyon, G. (2021, July 21). Nping Network Packet Generation Tool. Available online: https:\/\/nmap.org\/nping\/."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Trabelsi, Z., and Latifa, A. (2013, January 1\u20133). Using network packet generators and snort rules for teaching denial of service attacks. Proceedings of the Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE, Canterbury, UK.","DOI":"10.1145\/2462476.2465580"},{"key":"ref_42","unstructured":"Rapid7, Inc. (2021, July 21). Modbus Client Utility. Available online: https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/scada\/modbusclient\/."},{"key":"ref_43","unstructured":"Rapid7, Inc. (2021, July 21). Schneider Modicon Ladder Logic Upload\/Download. Available online: https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/admin\/scada\/modicon_stux_transfer\/."},{"key":"ref_44","unstructured":"(2021, July 21). Ettercap Project Home Page. Available online: https:\/\/www.ettercap-project.org\/."},{"key":"ref_45","unstructured":"(2021, July 21). Bettercap Project Home Page. Available online: https:\/\/www.bettercap.org\/."},{"key":"ref_46","unstructured":"Wireshark Foundation (2021, July 21). Wireshark Project Home Page. Available online: https:\/\/www.wireshark.org\/."},{"key":"ref_47","unstructured":"(2021, August 17). Scapy: Packet Crafting for Python2 and Python3. Available online: https:\/\/scapy.net\/."}],"container-title":["Applied Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2076-3417\/11\/20\/9509\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:12:35Z","timestamp":1760166755000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2076-3417\/11\/20\/9509"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,13]]},"references-count":47,"journal-issue":{"issue":"20","published-online":{"date-parts":[[2021,10]]}},"alternative-id":["app11209509"],"URL":"https:\/\/doi.org\/10.3390\/app11209509","relation":{},"ISSN":["2076-3417"],"issn-type":[{"value":"2076-3417","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,13]]}}}