Abstract
In the context of security risk analysis, we address the problem of classifying log traces that describe business process executions. Specifically, on the basis of some (possibly incomplete) knowledge of the process structures and of the patterns representing insecure behaviors, we classify each trace as an instance of some process and/or as a potential security breach. This classification is addressed in the challenging setting where an event does not have a unique interpretation in terms of the activity that generated it, but can correspond to several activities. In our framework, the event/activity mapping is encoded probabilistically, and the models describing the processes and the security breaches are expressed in terms of precedence/causality rules over the activities. Each trace is classified on the basis of the conformance of its possible interpretations, generated by a Monte Carlo mechanism, to the security-breach models and/or the process models. Experiments show the framework to be efficient and effective.
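The following example is added here and is not taken from the paper: it samples interpretations of a trace under a probabilistic event/activity mapping and scores them against precedence rules, as the abstract describes. The event names, activity names, probabilities and the exact semantics given to the rules are assumptions made for illustration.

```python
import random

# Constructed event -> activity probabilities (illustrative, not from the paper).
EVENT_MAP = {
    "login": {"Authenticate": 1.0},
    "read":  {"ViewRecord": 0.7, "ExportRecord": 0.3},
    "mail":  {"NotifyCustomer": 0.8, "SendExternal": 0.2},
}
# Assumed process-rule semantics: (a, b) means every b needs an earlier a.
PROCESS_RULES = [("Authenticate", "ViewRecord"), ("ViewRecord", "NotifyCustomer")]
# Assumed breach-rule semantics: (a, b) means some a is later followed by some b.
BREACH_RULES = [("ExportRecord", "SendExternal")]


def sample_interpretation(trace, rng):
    """Draw one activity per event according to the probabilistic mapping."""
    return [rng.choices(list(EVENT_MAP[e]), weights=list(EVENT_MAP[e].values()))[0]
            for e in trace]


def conforms(acts, rules):
    """True if every occurrence of b is preceded by some a, for each rule (a, b)."""
    for a, b in rules:
        seen_a = False
        for act in acts:
            if act == a:
                seen_a = True
            elif act == b and not seen_a:
                return False
    return True


def matches_breach(acts, rules):
    """True if, for each rule (a, b), the first a is followed later by some b."""
    return all(a in acts and b in acts[acts.index(a) + 1:] for a, b in rules)


def classify(trace, samples=20000, seed=7):
    """Monte Carlo estimate of (P(conforms to process), P(matches breach))."""
    rng = random.Random(seed)
    ok = bad = 0
    for _ in range(samples):
        acts = sample_interpretation(trace, rng)
        ok += conforms(acts, PROCESS_RULES)
        bad += matches_breach(acts, BREACH_RULES)
    return ok / samples, bad / samples
```

For the constructed trace `["login", "read", "mail"]` the exact values under these assumptions are 0.76 for process conformance and 0.06 for the breach pattern, so the estimates can be checked against them.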
Keywords
- Potential Security Breaches
- Security Risk Analysis
- Open-world Scenario
- Closed World Assumption
- Trace Length
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Fazzinga, B., Flesca, S., Furfaro, F., Pontieri, L. (2016). Classifying Traces of Event Logs on the Basis of Security Risks. In: Ceci, M., Loglisci, C., Manco, G., Masciari, E., Ras, Z. (eds) New Frontiers in Mining Complex Patterns. NFMCP 2015. Lecture Notes in Computer Science, vol 9607. Springer, Cham. https://doi.org/10.1007/978-3-319-39315-5_8
DOI: https://doi.org/10.1007/978-3-319-39315-5_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-39314-8
Online ISBN: 978-3-319-39315-5
eBook Packages: Computer Science, Computer Science (R0)