Applying Process Discovery to Cybersecurity Training: An
Experience Report

D 2022

Applying Process Discovery to Cybersecurity Training: An Experience Report

MACÁK, Martin, Radek OŠLEJŠEK a Barbora BÜHNOVÁ

Základní údaje

Originální název

Applying Process Discovery to Cybersecurity Training: An Experience Report

Autoři

MACÁK, Martin (703 Slovensko, garant, domácí), Radek OŠLEJŠEK (203 Česká republika, domácí) a Barbora BÜHNOVÁ (203 Česká republika, domácí)

Vydání

Neuveden, 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), od s. 394-402, 9 s. 2022

Nakladatel

IEEE

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

Permalink to the publisher

Kód RIV

RIV/00216224:14330/22:00125678

Organizační jednotka

Fakulta informatiky

ISBN

978-1-6654-9560-8

DOI

http://dx.doi.org/10.1109/EuroSPW55150.2022.00047

UT WoS

000853211100040

Klíčová slova anglicky

cybersecurity; hands-on training; process mining; data analysis; learning analytics

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 3. 10. 2022 16:37, doc. RNDr. Radek Ošlejšek, Ph.D.

Anotace

V originále

Quality improvement of practical cybersecurity training is challenging due to the process-oriented nature of this learning domain. Event logs provide only a sparse preview of trainees' behavior in a form that is difficult to analyze. Process mining has great potential in converting events into behavioral graphs that could provide better cognitive features for understanding users' behavior than the raw data. However, practical usability for learning analytics is affected by many aspects. This paper aims to provide an experience report summarizing key features and obstacles in integrating process discovery into cyber ranges. We describe our lessons learned from applying process mining techniques to data captured in a cyber range, which we have been developing and operating for almost ten years. We discuss lessons learned from the whole workflow that covers data preprocessing, data mapping, and the utilization of process models for the post-training analysis of Capture the Flag games. Tactics addressing scalability are explicitly discussed because scalability has proven to be a challenging task. Interactive data mapping and Capture the Flag specific features are used to address this issue.

Návaznosti

CZ.02.1.01/0.0/0.0/16_019/0000822, interní kód MU
(Kód CEP: EF16_019/0000822)

Název: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur (Akronym: C4e)

Investor: Ministerstvo školství, mládeže a tělovýchovy ČR, Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur, PO 1 Posilování kapacit pro kvalitní výzkum

EF16_019/0000822, projekt VaV

Název: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Přiložené soubory

2022-cacoe-applying-process-discovery-cybersecurity-training-experience-report.pdf

Vyhledat podobné dokumenty

Citovat

MACÁK, Martin, Radek OŠLEJŠEK a Barbora BÜHNOVÁ. Applying Process Discovery to Cybersecurity Training: An Experience Report. Online. In 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). Neuveden: IEEE, 2022, s. 394-402. ISBN 978-1-6654-9560-8. Dostupné z: https://dx.doi.org/10.1109/EuroSPW55150.2022.00047.

@inproceedings{1847738,
   author = {Macák, Martin and Ošlejšek, Radek and Bühnová, Barbora},
   address = {Neuveden},
   booktitle = {2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)},
   doi = {http://dx.doi.org/10.1109/EuroSPW55150.2022.00047},
   keywords = {cybersecurity; hands-on training; process mining; data analysis; learning analytics},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Neuveden},
   isbn = {978-1-6654-9560-8},
   pages = {394-402},
   publisher = {IEEE},
   title = {Applying Process Discovery to Cybersecurity Training: An Experience Report},
   url = {https://ieeexplore.ieee.org/document/9799415},
   year = {2022}
}

TY  - JOUR
ID  - 1847738
AU  - Macák, Martin - Ošlejšek, Radek - Bühnová, Barbora
PY  - 2022
TI  - Applying Process Discovery to Cybersecurity Training: An Experience Report
PB  - IEEE
CY  - Neuveden
SN  - 9781665495608
KW  - cybersecurity
KW  - hands-on training
KW  - process mining
KW  - data analysis
KW  - learning analytics
UR  - https://ieeexplore.ieee.org/document/9799415
N2  - Quality improvement of practical cybersecurity training is challenging due to the process-oriented nature of this learning domain. Event logs provide only a sparse preview of trainees' behavior in a form that is difficult to analyze. Process mining has great potential in converting events into behavioral graphs that could provide better cognitive features for understanding users' behavior than the raw data. However, practical usability for learning analytics is affected by many aspects. This paper aims to provide an experience report summarizing key features and obstacles in integrating process discovery into cyber ranges. We describe our lessons learned from applying process mining techniques to data captured in a cyber range, which we have been developing and operating for almost ten years. We discuss lessons learned from the whole workflow that covers data preprocessing, data mapping, and the utilization of process models for the post-training analysis of Capture the Flag games. Tactics addressing scalability are explicitly discussed because scalability has proven to be a challenging task. Interactive data mapping and Capture the Flag specific features are used to address this issue.
ER  -

MACÁK, Martin, Radek OŠLEJŠEK a Barbora BÜHNOVÁ. Applying Process Discovery to Cybersecurity Training: An Experience Report. Online. In \textit{2022 IEEE European Symposium on Security and Privacy Workshops (EuroS\&{}PW)}. Neuveden: IEEE, 2022, s.~394-402. ISBN~978-1-6654-9560-8. Dostupné z: https://dx.doi.org/10.1109/EuroSPW55150.2022.00047.

Podrobný výpis o publikaci