
Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22

Author

Listed:
  • Sikha S. Bagui

    (Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA)

  • Dustin Mink

    (Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA)

  • Subhash C. Bagui

    (Department of Mathematics and Statistics, University of West Florida, Pensacola, FL 32514, USA)

  • Michael Plain

    (Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA)

  • Jadarius Hill

    (Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA)

  • Marshall Elam

    (Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA)

Abstract

There has been a great deal of research in the area of using graph engines and graph databases to model network traffic and network attacks, but the novelty of this research lies in visually or graphically representing the Reconnaissance Tactic (TA0043) of the MITRE ATT&CK framework. Using the newly created dataset, UWF-ZeekData22, based on the MITRE ATT&CK framework, patterns involving network connectivity, connection duration, and data volume were found and loaded into a graph environment. Patterns were also found in the graphed data that matched the Reconnaissance as well as other tactics captured by UWF-ZeekData22. The star motif was particularly useful in mapping the Reconnaissance Tactic. The results of this paper show that graph databases/graph engines can be essential tools for understanding network traffic and trying to detect network intrusions before they happen. Finally, an analysis of the runtime performance of the reduced dataset used to create the graph databases showed that the reduced datasets performed better than the full dataset.

Suggested Citation

  • Sikha S. Bagui & Dustin Mink & Subhash C. Bagui & Michael Plain & Jadarius Hill & Marshall Elam, 2023. "Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22," Future Internet, MDPI, vol. 15(7), pages 1-18, July.
  • Handle: RePEc:gam:jftint:v:15:y:2023:i:7:p:236-:d:1188205

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/15/7/236/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/15/7/236/
    Download Restriction: no