Metrics
121 Record Views
Journal article
Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22
Future internet, Vol.15(7), p.236
07/06/2023
Web of Science ID: WOS:001038563800001
Abstract
There has been a great deal of research in the area of using graph engines and graph databases to model network traffic and network attacks, but the novelty of this research lies in visually or graphically representing the Reconnaissance Tactic (TA0043) of the MITRE ATT&CK framework. Using the newly created dataset, UWF-Zeekdata22, based on the MITRE ATT&CK framework, patterns involving network connectivity, connection duration, and data volume were found and loaded into a graph environment. Patterns were also found in the graphed data that matched the Reconnaissance as well as other tactics captured by UWF-Zeekdata22. The star motif was particularly useful in mapping the Reconnaissance Tactic. The results of this paper show that graph databases/graph engines can be essential tools for understanding network traffic and trying to detect network intrusions before they happen. Finally, an analysis of the runtime performance of the reduced dataset used to create the graph databases showed that the reduced datasets performed better than the full dataset.
Details
- Title
- Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22
- Publication Details
- Future internet, Vol.15(7), p.236
- Resource Type
- Journal article
- Publisher
- MDPI
- Format
- link
- Grant note
- This research was funded by the National Centers of Academic Excellence in Cybersecurity, 2021 NCAE-C-002: Cyber Research Innovation Grant Program, Grant Number: H98230-21-1-0170.
- Copyright
- © the author(s)
- Identifiers
- WOS:001038563800001; 99380455875706600
- Academic Unit
- Mathematics and Statistics; Computer Science; Hal Marcus College of Science and Engineering
- Language
- English