Published December 8, 2023 | Version v4
Dataset Open

Dataset: Behavior of Participants in Hands-on Cybersecurity Training Suitable for Process Mining

  • 1. Masaryk University

Description

This repository contains supplementary materials for the following journal paper:

Radek Ošlejšek, Martin Macák, Karolína Dočkalová Burská.
Hands-on cybersecurity training behavior data for process mining.
In Elsevier Data in Brief. 2023.
Available as open-access article on https://doi.org/10.1016/j.dib.2023.109956

Contents

Datasets store event logs of trainees participating in hands-on cybersecurity exercises organized in the KYPO Cyber Range. The data includes training scenarios (expected behavior), raw event logs in the JSON format, and aggregated behavioral data suitable for process mining analysis.

  1. Data1: A dataset of 52 trainees participating in the Locust 3302 exercise adapted an insider attack scenario. No time restrictions were posed on playtime. The data file is structured as follows:
    • training_definition.json: The exercise content – cybersecurity tasks and hints. The training is based on the Locust 3302 game adapted to an insider attack scenario.
    • training_events: Recorded progress of trainees within the exercise, i.e., the status of completing tasks.
    • command_histories: Recorded commands executed on network hosts.
    • process_mining.csv: Complete PM-ready dataset suitable for process discovery or conformance analysis.
    • process_mining_simplified.csv : Reduced PM-ready dataset with semantically identical events being removed.
  2. Data2: A dataset of 48 trainees participating in the original Locust 3302 exercise. Three supervised training sessions were restricted to two hours of playtime. The structure follows the structure of Data1.
  3. Tool: A Java application used to aggregate raw JSON data and transform them into a CSV format suitable for process mining techniques.

How to cite

If you use or build upon the materials, please use the BibTeX entry below to cite the original work.

@article{Oslejsek2023dataset,
    author    = {Radek O\v{s}lej\v{s}ek and Martin Mac\'{a}k and Karol\'{i}na {Do\v{c}kalov\'{a} Bursk\'{a}}},
    title     = {Hands-on cybersecurity training behavior data for process mining},
    journal   = {{Data in Brief}},
    publisher = {Elsevier},
    issn      = {2352-3409},
    year      = {2023},
    volume    = {52},
    doi       = {10.1016/j.dib.2023.109956},
    url       = {https://www.sciencedirect.com/science/article/pii/S2352340923009873}
}

Files

data1.zip

Files (925.7 kB)

Name Size Download all
md5:ad59f123018250a3b2be701a439716ad
426.0 kB Preview Download
md5:31e2a2d4779d94ec06a254ce1ca50e86
430.3 kB Preview Download
md5:445188b2acfb6dcd3150ef057935d166
69.5 kB Preview Download

Additional details

Dates

Collected
2022-11-05/2022-12-05
Data1
Collected
2022-05-04
Data2