Hands-on Cybersecurity Training Behavior Data for Process Mining

Warning

This publication doesn't include Faculty of Economics and Administration. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

OŠLEJŠEK Radek MACÁK Martin DOČKALOVÁ BURSKÁ Karolína

Year of publication 2024
Type Article in Periodical
Magazine / Source Data in Brief
MU Faculty or unit

Faculty of Informatics

Citation
Web
Doi http://dx.doi.org/10.1016/j.dib.2023.109956
Keywords cybersecurity training; process mining; learning analytics; behavioral data collection
Attached files
Description The research on using process mining in learning analytics of cybersecurity exercises relies on datasets that reflect the real behavior of trainees. Although modern cyber ranges, in which training sessions are organized, can collect behavioral data in the form of event logs, the organization of such exercises is laborious. Moreover, the collected raw data has to be processed and transformed into a specific format required by process mining techniques. We present two datasets with slightly different characteristics. While the first exercise with 52 participants was not limited in time, the second supervised exercise with 42 trainees lasted two hours. Also, the cybersecurity tasks were slightly different. A total of 11757 events were collected. Of these, 3597 were training progress events, 5669 were Bash commands, and 2491 were Metasploit commands. Joint CSV files distilled from the raw event data can be used as input for existing process mining tools.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.