Machine Learning Classification using Motif based Graph Databases Created from UWF-ZEEKDATA22

Authors

Sikha S. Bagui, Dustin Mink, Subhash C. Bagui, Jadarius Hill, Farooq Mahmud and Michael Plain, University of West Florida, USA

Abstract

This study uses motif-based graph databases to visualize and classify tactics in the MITRE ATT&CK framework. Machine learning classification models that detect Reconnaissance network attack tactics, labeled according to the MITRE ATT&CK framework, are built for the newly created UWF-ZeekData22 dataset. The work analyzes Zeek connection logs, with feature selection performed using graph motifs. Results show that model performance can be improved using various network graph motifs. Of the motifs used, the Star motif performed best, and the most important feature for predicting Reconnaissance network attacks within the Zeek connection log dataset was the "From" feature, or Source IP, the network address from which the connection originates. Irrespective of which motif was used to train the model, the Decision Tree algorithm performed best.
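As an added illustration of the idea the abstract describes, and not code from the paper or the UWF-ZeekData22 dataset: a source IP (the "From" node) at the centre of a star with many distinct responders is the pattern a Reconnaissance classifier can key on. The conn.log records, field names and the fixed threshold in `flag_star_centres` are assumptions constructed for this example, standing in for the trained Decision Tree.

```python
from collections import defaultdict

# Constructed Zeek conn.log excerpt (TSV, with the usual #fields header).
# 10.0.0.5 fans out to many hosts and ports (a wide star); 10.0.0.7 talks to one host.
CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1.0\tC1\t10.0.0.5\t40001\t10.0.1.1\t22\ttcp
1.1\tC2\t10.0.0.5\t40002\t10.0.1.2\t22\ttcp
1.2\tC3\t10.0.0.5\t40003\t10.0.1.3\t80\ttcp
1.3\tC4\t10.0.0.5\t40004\t10.0.1.4\t443\ttcp
1.4\tC5\t10.0.0.5\t40005\t10.0.1.5\t445\ttcp
2.0\tC6\t10.0.0.7\t50001\t10.0.1.1\t443\ttcp
2.1\tC7\t10.0.0.7\t50002\t10.0.1.1\t443\ttcp
"""


def parse_conn_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            yield dict(zip(fields, line.split("\t")))


def star_motif_features(records):
    """Treat each source IP as the centre of a star (source -> responder edges)
    and summarise the star: edge count, distinct responder hosts, distinct ports."""
    edges = defaultdict(list)
    for r in records:
        edges[r["id.orig_h"]].append((r["id.resp_h"], int(r["id.resp_p"])))
    feats = {}
    for src, out in edges.items():
        feats[src] = {
            "connections": len(out),
            "distinct_hosts": len({h for h, _ in out}),
            "distinct_ports": len({p for _, p in out}),
        }
    return feats


def flag_star_centres(feats, min_hosts=4):
    """Assumed threshold rule in place of the trained classifier:
    a star touching at least min_hosts distinct responders is flagged for review."""
    return sorted(src for src, f in feats.items() if f["distinct_hosts"] >= min_hosts)
```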

Keywords

Graph Databases, Motifs, Star Motif, Reconnaissance, Machine Learning, Cybersecurity, Visualizing attacks

Full Text  Volume 14, Number 25