Research area: Safety
Conference: Annual ACM India Compute Conference
Cyber security has become a critical concern in today's digital age, and log data analysis plays a pivotal role in investigating the root causes of cyber attacks. However, teaching and learning the log data analysis process is intricate, especially for root cause analysis (RCA), which requires expertise and background knowledge from several domains. This study addresses a significant gap in the existing literature through a comparative analysis of cyber attack RCA performed by novices and by experts using log data analysis. The study design first had novices with limited cyber security experience (senior undergraduate Computer Science students) perform a log data analysis of a cyber attack, and then had industry professionals (subject matter experts) perform the same analysis. In both cases, participants identified the root causes of the cyber attack from the log data and produced an attack tree as the outcome. The objective was to assess novices' ability to identify and deduce the root causes of cyber attacks from log data and to generate a comprehensive attack tree through causal reasoning. Follow-up observation and reflections were supplemented by artefact analysis and stimulated recall interviews. The study's findings shed light on the disparities in log data analysis skills between novices and subject matter experts, revealing the key challenges novices face compared to experts and the nature of those difficulties. The results also offer insight into how experts practise log data analysis in industry, and their advice contributes to the development of more effective teaching and learning methodologies for cyber security education.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | India |
| Site | Springer |