EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22

Sikha S. Bagui (), Dustin Mink, Subhash C. Bagui, Michael Plain, Jadarius Hill and Marshall Elam
Additional contact information
Sikha S. Bagui: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Dustin Mink: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Subhash C. Bagui: Department of Mathematics and Statistics, University of West Florida, Pensacola, FL 32514, USA
Michael Plain: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Jadarius Hill: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Marshall Elam: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA

Future Internet, 2023, vol. 15, issue 7, 1-18

Abstract: There has been a great deal of research in the area of using graph engines and graph databases to model network traffic and network attacks, but the novelty of this research lies in visually or graphically representing the Reconnaissance Tactic (TA0043) of the MITRE ATT&CK framework. Using the newly created dataset, UWF-Zeekdata22, based on the MITRE ATT&CK framework, patterns involving network connectivity, connection duration, and data volume were found and loaded into a graph environment. Patterns were also found in the graphed data that matched the Reconnaissance as well as other tactics captured by UWF-Zeekdata22. The star motif was particularly useful in mapping the Reconnaissance Tactic. The results of this paper show that graph databases/graph engines can be essential tools for understanding network traffic and trying to detect network intrusions before they happen. Finally, an analysis of the runtime performance of the reduced dataset used to create the graph databases showed that the reduced datasets performed better than the full dataset.

Keywords: graph databases; data visualization; MITRE ATT&CK tactics; star motif; clique motif; reconnaissance tactic (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2023
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/15/7/236/pdf (application/pdf)
https://www.mdpi.com/1999-5903/15/7/236/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:15:y:2023:i:7:p:236-:d:1188205

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:gam:jftint:v:15:y:2023:i:7:p:236-:d:1188205