Hands-on Cybersecurity Training Behavior Data for Process Mining

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F24%3A00135294" target="_blank" >RIV/00216224:14330/24:00135294 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1016/j.dib.2023.109956" target="_blank" >https://doi.org/10.1016/j.dib.2023.109956</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.dib.2023.109956" target="_blank" >10.1016/j.dib.2023.109956</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Hands-on Cybersecurity Training Behavior Data for Process Mining

Popis výsledku v původním jazyce

The research on using process mining in learning analytics of cybersecurity exercises relies on datasets that reflect the real behavior of trainees. Although modern cyber ranges, in which training sessions are organized, can collect behavioral data in the form of event logs, the organization of such exercises is laborious. Moreover, the collected raw data has to be processed and transformed into a specific format required by process mining techniques. We present two datasets with slightly different characteristics. While the first exercise with 52 participants was not limited in time, the second supervised exercise with 42 trainees lasted two hours. Also, the cybersecurity tasks were slightly different. A total of 11757 events were collected. Of these, 3597 were training progress events, 5669 were Bash commands, and 2491 were Metasploit commands. Joint CSV files distilled from the raw event data can be used as input for existing process mining tools.

Název v anglickém jazyce

Hands-on Cybersecurity Training Behavior Data for Process Mining

Popis výsledku anglicky

The research on using process mining in learning analytics of cybersecurity exercises relies on datasets that reflect the real behavior of trainees. Although modern cyber ranges, in which training sessions are organized, can collect behavioral data in the form of event logs, the organization of such exercises is laborious. Moreover, the collected raw data has to be processed and transformed into a specific format required by process mining techniques. We present two datasets with slightly different characteristics. While the first exercise with 52 participants was not limited in time, the second supervised exercise with 42 trainees lasted two hours. Also, the cybersecurity tasks were slightly different. A total of 11757 events were collected. Of these, 3597 were training progress events, 5669 were Bash commands, and 2491 were Metasploit commands. Joint CSV files distilled from the raw event data can be used as input for existing process mining tools.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach<br>I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Data in Brief

ISSN

2352-3409

e-ISSN

2352-3409

Svazek periodika

52

Číslo periodika v rámci svazku

February 2024

Stát vydavatele periodika

NL - Nizozemsko

Počet stran výsledku

12

Strana od-do

1-12

Kód UT WoS článku

001140661000001

EID výsledku v databázi Scopus

2-s2.0-85185848046