Performance of Machine Learning Algorithms on UWF-ZeekData22
• Presentation
Publisher
Software Engineering Institute
Abstract
Because networking technologies change rapidly, network activity datasets must be updated regularly if they are to reflect the current state of network infrastructure and traffic. The uniqueness of this work lies in creating labeled Zeek datasets using the MITRE ATT&CK framework. These are the first datasets of cyberattack tactics and intrusion data labeled according to the MITRE ATT&CK framework. The datasets, UWF-ZeekData22 and UWF-ZeekDataFall22, are publicly available at datasets.uwf.edu.
This presentation will outline how both the University of West Florida's (UWF) Cyber Range and Big Data Platform were used to create these Zeek-based, MITRE ATT&CK-labeled cyberattack tactic and intrusion datasets. The UWF Cyber Range runs on VMware vCenter and provides skills-based education for students in UWF's Cybersecurity program, a National Center of Academic Excellence in Cyber Defense (CAE-CD) jointly sponsored by the National Security Agency (NSA) and the Department of Homeland Security (DHS). The Big Data Platform runs Apache Spark and Hadoop and provides Big Data education for students in UWF's Computer Science program, which is accredited by the Accreditation Board for Engineering and Technology (ABET). Students and technologies from both programs were combined to produce the Zeek and MITRE ATT&CK-labeled cyberattack and intrusion datasets, in fulfillment of research funded by the National Center of Academic Excellence in Cybersecurity, 2021 NCAE-C-002: Cyber Research Innovation Grant Program, Grant Number H98230-21-1-0170.
Attendees Will Learn
Session attendees will learn how to create and maintain datasets labeled according to the MITRE ATT&CK framework. They will see the value added to network traffic datasets by labeling traffic with ATT&CK tactics, techniques, and procedures (TTPs).
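The page does not describe how the UWF team assigned ATT&CK labels to Zeek records. The following is an added illustration, not the authors' tooling: it assumes a red-team activity log of attack windows (attacker IP, start and end timestamps, ATT&CK tactic ID), joins Zeek conn.log records in JSON format against those windows on originator IP and timestamp, and labels everything that falls outside any window as "none" (benign). The conn.log lines, IPs, timestamps and windows are constructed for the example; the tactic IDs TA0043 and TA0007 are real ATT&CK identifiers. Overlapping windows with different tactics for one host are treated as an error in the activity log rather than silently resolved, since that is the most common way such a labeling pipeline produces wrong ground truth.

```python
"""Label Zeek conn.log records with MITRE ATT&CK tactics (added example).

An attack window is (attacker IP, start epoch, end epoch, tactic ID).
A conn record whose originator IP and ts fall inside a window gets that
tactic's name; any other record is labelled "none" (benign traffic).
"""
import json

# Public ATT&CK tactic identifiers used by the constructed windows below.
TACTICS = {
    "TA0043": "Reconnaissance",
    "TA0007": "Discovery",
}

# Constructed red-team activity log: which VM did what, and when.
ATTACK_WINDOWS = [
    # (orig_ip, start_epoch, end_epoch, tactic_id); bounds are inclusive
    ("10.0.0.5", 1650000000.0, 1650000600.0, "TA0043"),
    ("10.0.0.5", 1650001000.0, 1650001300.0, "TA0007"),
]

# Constructed Zeek conn.log in JSON format (one record per line, as Zeek
# writes it when LogAscii::use_json is enabled). Field names are Zeek's.
CONN_LOG = """\
{"ts":1650000100.5,"uid":"CxyZ1","id.orig_h":"10.0.0.5","id.orig_p":40000,"id.resp_h":"10.0.0.20","id.resp_p":22,"proto":"tcp","conn_state":"S0"}
{"ts":1650000650.0,"uid":"CxyZ2","id.orig_h":"10.0.0.5","id.orig_p":40001,"id.resp_h":"10.0.0.20","id.resp_p":80,"proto":"tcp","conn_state":"SF"}
{"ts":1650001100.0,"uid":"CxyZ3","id.orig_h":"10.0.0.5","id.orig_p":40002,"id.resp_h":"10.0.0.21","id.resp_p":445,"proto":"tcp","conn_state":"SF"}
{"ts":1650001100.0,"uid":"CxyZ4","id.orig_h":"10.0.0.9","id.orig_p":50000,"id.resp_h":"10.0.0.21","id.resp_p":443,"proto":"tcp","conn_state":"SF"}
"""


def tactic_for(orig_ip, ts, windows):
    """Return the ATT&CK tactic name for one connection, or "none".

    Raises ValueError if the activity log has overlapping windows with
    different tactics for this host at this time: that is a ground-truth
    bug that must be fixed in the log, not hidden by picking one.
    """
    matches = {tid for ip, start, end, tid in windows
               if ip == orig_ip and start <= ts <= end}
    if not matches:
        return "none"
    if len(matches) > 1:
        raise ValueError(
            f"ambiguous windows for {orig_ip} at {ts}: {sorted(matches)}")
    return TACTICS[matches.pop()]


def label_conn_log(text, windows=ATTACK_WINDOWS):
    """Parse JSON conn.log lines and attach a 'label' field to each record.

    Blank lines, Zeek TSV header lines ('#...') and lines that are not
    valid JSON (e.g. a line truncated at log rotation) are skipped rather
    than being mislabelled as benign.
    """
    labelled = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        rec["label"] = tactic_for(rec["id.orig_h"], float(rec["ts"]), windows)
        labelled.append(rec)
    return labelled


def label_counts(records):
    """Class distribution of the labelled records (useful for spotting imbalance)."""
    counts = {}
    for rec in records:
        counts[rec["label"]] = counts.get(rec["label"], 0) + 1
    return counts


if __name__ == "__main__":
    recs = label_conn_log(CONN_LOG)
    for r in recs:
        print(r["uid"], r["id.orig_h"], "->", r["id.resp_h"], r["label"])
    print(label_counts(recs))
```

Note that the join key here is only originator IP and time; on a shared range, responder IP or port would normally be added so that unrelated traffic from the attacker VM (package updates, DNS) is not swept into the tactic label.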