Process Mining Analysis of Puzzle-Based Cybersecurity Training

TL;DR

This paper applies process mining techniques to analyze puzzle-based cybersecurity training, aiming to improve the understanding of training processes through behavioral graph reconstruction from sparse logs.

Contribution

It introduces a unified approach for reconstructing behavioral graphs from sparse event logs in cybersecurity training and discusses data features affecting process mining usability.

Findings

Effective reconstruction of behavioral graphs from sparse logs

Identification of key data features impacting process mining

Utilization of puzzle-based gamification to manage process graph complexity

Abstract

The hands-on cybersecurity training quality is crucial to mitigate cyber threats and attacks effectively. However, practical cybersecurity training is strongly process-oriented, making the post-training analysis very difficult. This paper presents process-mining methods applied to the learning analytics workflow. We introduce a unified approach to reconstruct behavioral graphs from sparse event logs of cyber ranges. Furthermore, we discuss significant data features that affect their practical usability for educational process mining. Based on that, methods of dealing with the complexity of process graphs are presented, taking advantage of the puzzle-based gamification of in-class training sessions.