{"title":"Applying Process Discovery to Cybersecurity Training: An Experience Report","authors":"M. Macák, R. Ošlejšek, Barbora Buhnova","doi":"10.1109/eurospw55150.2022.00047","DOIUrl":null,"url":null,"abstract":"Quality improvement of practical cybersecurity training is challenging due to the process-oriented nature of this learning domain. Event logs provide only a sparse preview of trainees' behavior in a form that is difficult to analyze. Process mining has great potential in converting events into behavioral graphs that could provide better cognitive features for understanding users' behavior than the raw data. However, practical usability for learning analytics is affected by many aspects. This paper aims to provide an experience report summarizing key features and obstacles in integrating process discovery into cyber ranges. We describe our lessons learned from applying process mining techniques to data captured in a cyber range, which we have been developing and operating for almost ten years. We discuss lessons learned from the whole workflow that covers data preprocessing, data mapping, and the utilization of process models for the post-training analysis of Capture the Flag games. Tactics addressing scalability are explicitly discussed because scalability has proven to be a challenging task. Interactive data mapping and Capture the Flag specific features are used to address this issue.","PeriodicalId":275840,"journal":{"name":"2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/eurospw55150.2022.00047","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Quality improvement of practical cybersecurity training is challenging due to the process-oriented nature of this learning domain. Event logs provide only a sparse preview of trainees' behavior in a form that is difficult to analyze. Process mining has great potential in converting events into behavioral graphs that could provide better cognitive features for understanding users' behavior than the raw data. However, practical usability for learning analytics is affected by many aspects. This paper aims to provide an experience report summarizing key features and obstacles in integrating process discovery into cyber ranges. We describe our lessons learned from applying process mining techniques to data captured in a cyber range, which we have been developing and operating for almost ten years. We discuss lessons learned from the whole workflow that covers data preprocessing, data mapping, and the utilization of process models for the post-training analysis of Capture the Flag games. Tactics addressing scalability are explicitly discussed because scalability has proven to be a challenging task. Interactive data mapping and Capture the Flag specific features are used to address this issue.
由于这一学习领域的过程导向性质,实际网络安全培训的质量提高具有挑战性。事件日志仅以难以分析的形式提供受训人员行为的稀疏预览。过程挖掘在将事件转换为行为图方面具有巨大的潜力,这些行为图可以提供比原始数据更好的认知特征来理解用户的行为。然而,学习分析的实际可用性受到许多方面的影响。本文旨在提供一份经验报告,总结将过程发现集成到网络范围中的关键特征和障碍。我们描述了将流程挖掘技术应用于网络范围内捕获的数据的经验教训,我们已经开发和运营了近十年。我们讨论从整个工作流程中吸取的经验教训,涵盖数据预处理,数据映射和过程模型的利用,用于捕获旗帜游戏的训练后分析。本文明确讨论了处理可伸缩性的策略,因为可伸缩性已被证明是一项具有挑战性的任务。交互式数据映射和特定于Capture the Flag的特性用于解决这个问题。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
