Abstract
The digitalization of our society is possible only with secure software systems governing the critical processes that run on them. Understanding the mutual interdependencies of events and processes is crucial for cybersecurity. One promising way to tackle this challenge is process mining, a set of techniques that extract knowledge about processes from event logs. However, it is unclear how process mining can be used in practice in the context of cybersecurity. In this work, we investigate the potential of applying process mining to cybersecurity and support research efforts in this area by collecting existing applications, discussing current trends, and proposing promising research directions. To this end, we conducted a systematic literature review covering all relevant works published between 2014 and 2020.
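As an illustration of the kind of technique the abstract refers to, here is an added example in Python (written for this page, not code from the paper or from any of the works it surveys). It discovers a directly-follows graph from a constructed audit log of normal sessions and then checks new sessions for transitions the discovered model never observed, which is the basic discovery-plus-conformance-checking idea behind process-mining-based anomaly detection on security logs. The activity names, session identifiers, log contents and the fitness threshold are all constructed assumptions.

```python
"""Added example: directly-follows-graph discovery and a simple conformance
check over a constructed audit log. Illustrative code written for this page,
not code from the paper or any of the surveyed works."""
from collections import defaultdict

# Constructed audit log: (case_id, activity), already ordered within each case.
# Cases stand for user sessions in a hypothetical file-access workflow.
TRAINING_LOG = [
    ("s1", "login"), ("s1", "open_file"), ("s1", "edit_file"), ("s1", "save_file"), ("s1", "logout"),
    ("s2", "login"), ("s2", "open_file"), ("s2", "save_file"), ("s2", "logout"),
    ("s3", "login"), ("s3", "open_file"), ("s3", "edit_file"), ("s3", "edit_file"),
    ("s3", "save_file"), ("s3", "logout"),
]

START, END = "<start>", "<end>"


def traces(log):
    """Group events into per-case activity sequences, preserving event order."""
    cases = defaultdict(list)
    for case_id, activity in log:
        cases[case_id].append(activity)
    return dict(cases)


def discover_dfg(log):
    """Discover a directly-follows graph: an edge (a, b) with a frequency count
    whenever activity b immediately follows activity a in some case.
    Artificial start/end markers make the first and last activity part of the model."""
    dfg = defaultdict(int)
    for seq in traces(log).values():
        padded = [START] + seq + [END]
        for a, b in zip(padded, padded[1:]):
            dfg[(a, b)] += 1
    return dict(dfg)


def conformance(dfg, seq):
    """Replay one trace against the DFG and return the directly-follows pairs
    the model never observed. An empty list means the trace fits the model."""
    padded = [START] + seq + [END]
    return [(a, b) for a, b in zip(padded, padded[1:]) if (a, b) not in dfg]


def fitness(dfg, seq):
    """Fraction of the trace's transitions (including start/end) allowed by the model."""
    n_transitions = len(seq) + 1
    return 1 - len(conformance(dfg, seq)) / n_transitions


def flag_anomalies(dfg, log, threshold=1.0):
    """Return {case_id: deviations} for every case whose fitness is below threshold.
    threshold=1.0 flags any unseen transition; lower it to tolerate rare but benign variants."""
    return {cid: conformance(dfg, seq) for cid, seq in traces(log).items()
            if fitness(dfg, seq) < threshold}


# Constructed traces to check: s4 is a normal session; s5 exports a file it never
# opened and then ends without logging out, i.e. a path the model has not seen.
CHECK_LOG = [
    ("s4", "login"), ("s4", "open_file"), ("s4", "save_file"), ("s4", "logout"),
    ("s5", "login"), ("s5", "export_file"), ("s5", "open_file"),
]

if __name__ == "__main__":
    model = discover_dfg(TRAINING_LOG)
    for case, deviations in flag_anomalies(model, CHECK_LOG).items():
        print(case, "deviates at", deviations)
```

The DFG is the simplest discoverable model; the same replay loop works against richer models (Petri nets, declarative constraints) once the "allowed transition" test is swapped out, and in practice the frequency counts are what let an analyst filter out infrequent-but-legitimate behaviour before treating a deviation as a security incident.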
Acknowledgements
This research was supported by ERDF “CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence” (No. CZ.02.1.01/0.0/0.0/16_019/0000822).
© 2022 Springer Nature Switzerland AG
Cite this paper
Macak, M., Daubner, L., Sani, M.F., Buhnova, B. (2022). Cybersecurity Analysis via Process Mining: A Systematic Literature Review. In: Li, B., et al. Advanced Data Mining and Applications. ADMA 2022. Lecture Notes in Computer Science(), vol 13087. Springer, Cham. https://doi.org/10.1007/978-3-030-95405-5_28
Print ISBN: 978-3-030-95404-8
Online ISBN: 978-3-030-95405-5