Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22

Version 1 : Received: 9 June 2023 / Approved: 9 June 2023 / Online: 9 June 2023 (09:34:24 CEST)

A peer-reviewed article of this Preprint also exists.

Bagui, S.S.; Mink, D.; Bagui, S.C.; Plain, M.; Hill, J.; Elam, M. Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22. Future Internet 2023, 15, 236. Bagui, S.S.; Mink, D.; Bagui, S.C.; Plain, M.; Hill, J.; Elam, M. Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22. Future Internet 2023, 15, 236.

Abstract

There has been a great deal of research in the area of using graph engines and graph databases to model network traffic and network attacks, but the novelty of this research lies in visually or graphically representing the Reconnaissance Tactic (TA0043) of the MITRE ATT&CK framework. Using the newly created dataset, UWF-Zeekdata22, based on the MITRE ATT&CK framework, patterns involving network connectivity, connection duration, and data volume were found and loaded into a graph environment. Patterns were also found in the graphed data that match the Reconnaissance as well as other tactics captured by UWF-Zeekdata22. The Star motif was particularly useful in mapping the Reconnaissance tactic. The results of this paper show that graph databases/graph engines can be essential tools for understanding network traffic and trying to detect network intrusions before they happen. Finally, an analysis of the run-time performance of the reduced dataset used to create the graph databases showed that the reduced datasets performed better than the full dataset.

Keywords

Graph databases; Data Visualization; MITRE ATT&CK Tactics; Star Motif; Clique Motif; Reconnaissance Tactic

Subject

Computer Science and Mathematics, Other

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our Diversity statement.

Leave a public comment
Send a private comment to the author(s)
* All users must log in before leaving a comment
Views 0
Downloads 0
Comments 0
Metrics 0


×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.