Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22
Sikha S. Bagui,
Dustin Mink,
Subhash C. Bagui,
Michael Plain,
Jadarius Hill and
Marshall Elam
Additional contact information
Sikha S. Bagui: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Dustin Mink: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Subhash C. Bagui: Department of Mathematics and Statistics, University of West Florida, Pensacola, FL 32514, USA
Michael Plain: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Jadarius Hill: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Marshall Elam: Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
Future Internet, 2023, vol. 15, issue 7, 1-18
Abstract:
There has been a great deal of research in the area of using graph engines and graph databases to model network traffic and network attacks, but the novelty of this research lies in visually or graphically representing the Reconnaissance Tactic (TA0043) of the MITRE ATT&CK framework. Using the newly created dataset, UWF-Zeekdata22, based on the MITRE ATT&CK framework, patterns involving network connectivity, connection duration, and data volume were found and loaded into a graph environment. Patterns were also found in the graphed data that matched the Reconnaissance as well as other tactics captured by UWF-Zeekdata22. The star motif was particularly useful in mapping the Reconnaissance Tactic. The results of this paper show that graph databases/graph engines can be essential tools for understanding network traffic and trying to detect network intrusions before they happen. Finally, an analysis of the runtime performance of the reduced dataset used to create the graph databases showed that the reduced datasets performed better than the full dataset.
Keywords: graph databases; data visualization; MITRE ATT&CK tactics; star motif; clique motif; reconnaissance tactic
JEL-codes: O3
Date: 2023
Downloads:
https://www.mdpi.com/1999-5903/15/7/236/pdf (application/pdf)
https://www.mdpi.com/1999-5903/15/7/236/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:15:y:2023:i:7:p:236-:d:1188205
Future Internet is currently edited by Ms. Grace You
Bibliographic data for series maintained by MDPI Indexing Manager.