Research

The Collegiate Penetation Testing Competition (CPTC) is dedicated to education of the next generations of cybersecurity professionals. One way that the competition gives back is to collect, anonymize, and public research data from each competition.

CPTC also works with researchers across the globe to assist the greater community and body of security knowledge. All we ask is that you cite the data set/competition and let us tell the world about your work below!

All published research data is accessible at:

http://cptc.rit.edu/

Interested in Doing Research with CPTC?
If you are interested in getting involved in research, looking for collaborations, or otherwise want to use CPTC data in your research, please reach out and a member of our team will be happy to connect with you!

Past Research

Yang et al.

Project Overview
PI Yang is leading a number of efforts that utilizes Suricata alerts collected through CPTC annual events. Specifically, ASSERT is a novel information theoretic unsupervised learning system that continually learns to generate and update statistical attack models reflecting unique attack behaviors. It consumes streaming intrusion alerts and transforms them into attack models in near real-time. ASSERT can serve as an add-on to SIEM platforms and help SOC analysts focus on critical and emerging attack behaviors. Other efforts include the uses of Generative Adversarial Networks, Pseudo-Active Transfer Learning, Time Series Analysis, Pattern Mining, and Stochastic Modeling. The above efforts have been supported by NSF Awards #1526383, #1742789, and RIT GCI Seed Fund.

Contributors
Unless noted, the contributors below are affiliated with RIT.
Current: Shanchieh (Jay) Yang (PI), Stephen Moskal, Gordon Werner, Ayush Goel, Azqa Nadeem (TU Delft), and Sicco Verwer (TU Delft).

Past Contributors: Ahmet Okutan, Robin Chang, Steven Su, Chris Sweet, Lu-Tzu Li, Ashley Resuta, Kyle Ki, and many others.

Follow-Up
Jay.Yang ‘at’ rit.edu

Meneely et al.

Project Overview
PI Meneely and PhD student Ben Meyers are working on analyzing attacker behavior using CPTC events. We curate the events of the competition to construct detailed timelines of what each team was doing at every moment of the competition. Using this information, we use a combination of human classification, machine learning, and computational linguistics to classify each event according to the MITRE ATT&CK framework, so that we can compare behaviors across teams. This work will help researchers and security analysts what approaches penetration testers prioritize in finding vulnerabilities.

Contributors
Current: Dr. Andy Meneely (http://www.se.rit.edu/~andy) and Ben Meyers (https://www.rit.edu/gccis/geoinfosciencecenter/benjamin-meyers)

Past Contributors: Ryan Cervantes, a scholar in the Cybercorps Scholarship for Service program, Dr. Nuthan Munaiah

Follow-up
http://www.se.rit.edu/~andy