D 2022

Applying Process Discovery to Cybersecurity Training: An Experience Report

MACÁK, Martin, Radek OŠLEJŠEK and Barbora BÜHNOVÁ

Basic information

Original name

Applying Process Discovery to Cybersecurity Training: An Experience Report

Authors

MACÁK, Martin (703 Slovakia, guarantor, belonging to the institution), Radek OŠLEJŠEK (203 Czech Republic, belonging to the institution) and Barbora BÜHNOVÁ (203 Czech Republic, belonging to the institution)

Edition

Neuveden, PW), p. 394-402, 9 pp. 2022

Publisher

IEEE

Other information

Language

English

Type of outcome

Proceedings paper

Confidentiality degree

is not subject to a state or trade secret

Publication form

electronic version available online

References:

RIV identification code

RIV/00216224:14330/22:00125678

Organization

Fakulta informatiky – Repository – Repository

ISBN

978-1-6654-9560-8

DOI

UT WoS

000853211100040

EID Scopus

2-s2.0-85134163067

Keywords in English

cybersecurity; hands-on training; process mining; data analysis; learning analytics

Links

CZ.02.1.01/0.0/0.0/16_019/0000822, interní kód Repo. EF16_019/0000822, research and development project.
Changed: 22/3/2025 00:51, RNDr. Daniel Jakubík

Abstract

V originále

Quality improvement of practical cybersecurity training is challenging due to the process-oriented nature of this learning domain. Event logs provide only a sparse preview of trainees' behavior in a form that is difficult to analyze. Process mining has great potential in converting events into behavioral graphs that could provide better cognitive features for understanding users' behavior than the raw data. However, practical usability for learning analytics is affected by many aspects. This paper aims to provide an experience report summarizing key features and obstacles in integrating process discovery into cyber ranges. We describe our lessons learned from applying process mining techniques to data captured in a cyber range, which we have been developing and operating for almost ten years. We discuss lessons learned from the whole workflow that covers data preprocessing, data mapping, and the utilization of process models for the post-training analysis of Capture the Flag games. Tactics addressing scalability are explicitly discussed because scalability has proven to be a challenging task. Interactive data mapping and Capture the Flag specific features are used to address this issue.

Files attached

https://is.muni.cz/publication/1847738/2022-cacoe-applying-process-discovery-cybersecurity-training-experience-report.pdf Licence Creative Commons File version