Applying Process Discovery to Cybersecurity Training: An Experience Report

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F22%3A00125678" target="_blank" >RIV/00216224:14330/22:00125678 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/9799415" target="_blank" >https://ieeexplore.ieee.org/document/9799415</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/EuroSPW55150.2022.00047" target="_blank" >10.1109/EuroSPW55150.2022.00047</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Applying Process Discovery to Cybersecurity Training: An Experience Report

Popis výsledku v původním jazyce

Quality improvement of practical cybersecurity training is challenging due to the process-oriented nature of this learning domain. Event logs provide only a sparse preview of trainees' behavior in a form that is difficult to analyze. Process mining has great potential in converting events into behavioral graphs that could provide better cognitive features for understanding users' behavior than the raw data. However, practical usability for learning analytics is affected by many aspects. This paper aims to provide an experience report summarizing key features and obstacles in integrating process discovery into cyber ranges. We describe our lessons learned from applying process mining techniques to data captured in a cyber range, which we have been developing and operating for almost ten years. We discuss lessons learned from the whole workflow that covers data preprocessing, data mapping, and the utilization of process models for the post-training analysis of Capture the Flag games. Tactics addressing scalability are explicitly discussed because scalability has proven to be a challenging task. Interactive data mapping and Capture the Flag specific features are used to address this issue.

Název v anglickém jazyce

Applying Process Discovery to Cybersecurity Training: An Experience Report

Popis výsledku anglicky

Quality improvement of practical cybersecurity training is challenging due to the process-oriented nature of this learning domain. Event logs provide only a sparse preview of trainees' behavior in a form that is difficult to analyze. Process mining has great potential in converting events into behavioral graphs that could provide better cognitive features for understanding users' behavior than the raw data. However, practical usability for learning analytics is affected by many aspects. This paper aims to provide an experience report summarizing key features and obstacles in integrating process discovery into cyber ranges. We describe our lessons learned from applying process mining techniques to data captured in a cyber range, which we have been developing and operating for almost ten years. We discuss lessons learned from the whole workflow that covers data preprocessing, data mapping, and the utilization of process models for the post-training analysis of Capture the Flag games. Tactics addressing scalability are explicitly discussed because scalability has proven to be a challenging task. Interactive data mapping and Capture the Flag specific features are used to address this issue.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

ISBN

9781665495608

ISSN

—

e-ISSN

—

Počet stran výsledku

9

Strana od-do

394-402

Název nakladatele

IEEE

Místo vydání

Neuveden

Místo konání akce

Genoa, Italy

Datum konání akce

1. 1. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000853211100040