It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, setting them up is expensive, time-consuming, and error-prone, and it requires technical and programming skills to create attack contexts and scripts. To mitigate these drawbacks, this research work proposes an approach that automatically generates scripts and attack contexts from informal attack scenario descriptions. To isolate business concerns from technological issues, our approach is aligned with the MDA development method. A formal language is proposed to express our Computation Independent Model. We rely on the TOSCA standard to describe our Platform Independent Model. Our approach also supports the generation of several Platform Specific Models. Hence, this research work contributes not only to the overall improvement of attack implementations for cybersecurity training but also to their reuse on various platforms.