Abstract
Industrial Cyber Physical Systems (CPS) are large-scale critical infrastructures that are vulnerable to cyberattacks with wide-ranging consequences. Being a combination of heterogeneous devices and protocols, the large-scale CPS anomaly is also exposed to critical vulnerabilities. These vulnerabilities are treated in terms of anomalies and cyberattacks, and their detection and corresponding self-healing mechanisms on large-scale critical infrastructures can be challenging because of their massive size and interconnections. With the objective of process optimization through anomaly detection and conformance-checking approach, the present work addresses different issues, such as event log generation with tools such as PLG 2.0 for data-driven approach. Self-healing is enabled through machine learning models based on anomaly classification ensemble learning-based machine learning models. The work uses process mining to analyze event log files, and then combinations of conformance-checking methods with ensemble classification models were used to best classify anomalies. Finally, the proposed work establishes that, in comparison to techniques like KNN and C-SVC, the proposed ensemble models perform better, with an accuracy of 84.7% using trace alignment as a conformance technique with gradient boosting to classify anomalies, with the end objectives of process improvement.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Deng, W., Liu, W., Li, Y., Zhao, T.: A petri-net-based framework for microgrid process mining. In: 2020 IEEE 4th Conference on Energy Internet and Energy System Integration (EI2), pp. 3797–3800 (2020). https://doi.org/10.1109/EI250167.2020.9346586
Singh, P., et al.: Using log analytics and process mining to enable self-healing in the Internet of Things. Environ. Syst. Decis. 42, 234–250 (2022). https://doi.org/10.1007/s10669-022-09859-x
Bezerra, F., Wainer, J., van der Aalst, W.M.P.: Anomaly detection using process mining. In: Halpin, T., et al. (eds.) BPMDS/EMMSAD -2009. LNBIP, vol. 29, pp. 149–161. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01862-6_13
Van der Aalst, W.M., de Medeiros, A.K.A.: Process mining and security: detecting anomalous process executions and checking process conformance. Electron. Notes Theor. Comput. Sci. 121, 3–21 (2005). https://doi.org/10.1016/j.entcs.2004.10.013
Hosseini, S.M., Aghdasi, M., Teimourpour, B., Albadvi, A.: Implementing process mining techniques to analyze performance in EPC companies. Int. J. Inf. Commun. Technol. Res. 14 (2022). https://doi.org/10.52547/itrc.14.2.66
Fani Sani, M., van Zelst, S.J., van der Aalst, W.M.P.: Applying sequence mining for outlier detection in process mining. In: Panetto, H., Debruyne, C., Proper, H.A., Ardagna, C.A., Roman, D., Meersman, R. (eds.) OTM 2018. LNCS, vol. 11230, pp. 98–116. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02671-4_6
Junior, S.B., Ceravolo, P., Damiani, E., Omori, N.J., Tavares, G.M.: Anomaly detection on event logs with a scarcity of labels (2020)
Jagadeesh Chandra Bose, R.P., van der Aalst, W.: Trace alignment in process mining: opportunities for process diagnostics. In: Hull, R., Mendling, J., Tai, S. (eds.) BPM 2010. LNCS, vol. 6336, pp. 227–242. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15618-2_17
https://itrust.sutd.edu.sg/itrust-labs-home/itrust-labs_epic/
Burattin, A.: PLG2: multiperspective processes randomization and simulation for online and offline settings (2015)
Silva, P., Schukat, M.: On the use of k-nn in intrusion detection for industrial control systems. In: Proceedings of The IT &T 13th International Conference on Information Technology and Telecommunication, Dublin, Ireland, pp. 103–106 (2014)
Anthi, E., Williams, L., Burnap, P.: Pulse: an adaptive intrusion detection for the Internet of Things IoT (2018). https://doi.org/10.1049/cp.2018.0035
Pajouh, H.H., Javidan, R., Khayami, R., Dehghantanha, A., Choo, K.K.R.: A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Trans. Emerg. Top. Comput. 7, 314–323 (2019). https://doi.org/10.1109/TETC.2016.2633228
Stewart, B., et al.: A novel intrusion detection mechanism for SCADA systems which automatically adapts to network topology changes. EAI Endorsed Trans. Ind. Netw. Intell. Syst. 4 (2017). https://doi.org/10.4108/eai.1-2-2017.152155
Hobbs, A.: The colonial pipeline hack: Exposing vulnerabilities in U.S. cybersecurity. In: Sage Business Cases. SAGE Publications Ltd, (2021). https://doi.org/10.4135/9781529789768
Alkhadra, R., Abuzaid, J., AlShammari, M., Mohammad, N.: Solar winds hack: in-depth analysis and countermeasures. In: 2021 12th International Conference on Computing Communication and Networking Technologies (ICCCNT), Kharagpur, India, pp. 1–7 (2021). https://doi.org/10.1109/ICCCNT51525.2021.9579611
Burattin, A.: Plg2: multiperspective process randomization with online and offline simulations. BPM (Demos) (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Singh, U., Gajjala, D., Khondoker, R., Gupta, H., Sinha, A., Vyas, O.P. (2023). Anomaly Classification to Enable Self-healing in Cyber Physical Systems Using Process Mining. In: Sellmann, M., Tierney, K. (eds) Learning and Intelligent Optimization. LION 2023. Lecture Notes in Computer Science, vol 14286. Springer, Cham. https://doi.org/10.1007/978-3-031-44505-7_1
Download citation
DOI: https://doi.org/10.1007/978-3-031-44505-7_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-44504-0
Online ISBN: 978-3-031-44505-7
eBook Packages: Computer ScienceComputer Science (R0)