Hands-on Cybersecurity Training Behavior Data for Process Mining
Authors | |
---|---|
Year of publication | 2024 |
Type | Article in Periodical |
Magazine / Source | Data in Brief |
MU Faculty or unit | |
Citation | |
web | |
Doi | http://dx.doi.org/10.1016/j.dib.2023.109956 |
Keywords | cybersecurity training; process mining; learning analytics; behavioral data collection |
Attached files | |
Description | The research on using process mining in learning analytics of cybersecurity exercises relies on datasets that reflect the real behavior of trainees. Although modern cyber ranges, in which training sessions are organized, can collect behavioral data in the form of event logs, the organization of such exercises is laborious. Moreover, the collected raw data has to be processed and transformed into a specific format required by process mining techniques. We present two datasets with slightly different characteristics. While the first exercise with 52 participants was not limited in time, the second supervised exercise with 42 trainees lasted two hours. Also, the cybersecurity tasks were slightly different. A total of 11757 events were collected. Of these, 3597 were training progress events, 5669 were Bash commands, and 2491 were Metasploit commands. Joint CSV files distilled from the raw event data can be used as input for existing process mining tools. |
Related projects: |