Information systems handle large amounts of data within enterprises, offering the means to collect, process, store and make information available. To do so, data must be protected from intrusions that compromise its confidentiality, availability and integrity, and that integrity must be consistent with the strategic alignment of the enterprise concerned. Attackers, for their part, aim at the resources present in the system. Research in intrusion detection is still looking for answers to several open problems. Many solutions exist that rely on machine learning and data-mining models; however, these signature-based and behaviour-based approaches focus on the data and lack a global view of the processes. The aim of this paper is to use workflow mining for host-based intrusion detection by monitoring workflow event logs related to resources. With workflow mining, process executions are recorded in event logs, and intrusions can be detected by analysing those logs against a well-defined security policy. We proceed step by step: we first specify the concepts involved, then provide a model of the security policy and a model of intrusion detection that yields a low rate of false alerts, and finally implement the solution as a prototype to observe how it works.
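The detection principle stated in the abstract (process executions recorded in event logs, checked against a well-defined security policy) can be made concrete with a small conformance check over a log. The Python below is an added illustration written for this page; it is not the authors' model or prototype. The purchase-approval workflow, the `case;activity;actor;role` log format, the policy structure and the sample events are all constructed assumptions for the example.

```python
"""Replay workflow event-log traces against a security policy and flag deviations.

Added illustration, not the paper's prototype. The policy, log format and sample
events are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed security policy for a purchase-approval workflow (assumption):
# - every case must open with "submit"
# - each activity may only follow the listed predecessors
# - each activity may only be executed by the listed roles
# - the same person may not both submit and approve one request
POLICY = {
    "start": "submit",
    "flow": {
        "submit": [],            # no predecessor: it must open the case
        "review": ["submit"],
        "approve": ["review"],
        "pay": ["approve"],
    },
    "roles": {
        "submit": {"clerk"},
        "review": {"manager"},
        "approve": {"manager", "cfo"},
        "pay": {"treasury"},
    },
    "separation_of_duty": [("submit", "approve")],
}

# Constructed sample log (not real data); C1 is clean, C2 and C3 deviate.
SAMPLE_LOG = """
# case;activity;actor;role
C1;submit;alice;clerk
C1;review;bob;manager
C1;approve;carol;cfo
C1;pay;dave;treasury
C2;submit;alice;clerk
C2;approve;alice;manager
C2;pay;dave;treasury
C3;submit;erin;clerk
C3;review;bob;manager
C3;pay;dave;treasury
""".splitlines()


@dataclass
class Event:
    case: str
    activity: str
    actor: str
    role: str


@dataclass
class Alert:
    case: str
    activity: str
    reason: str


def parse_log(lines):
    """Parse 'case;activity;actor;role' lines into events, skipping comments/blanks."""
    events = []
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        case, activity, actor, role = [f.strip() for f in raw.split(";")]
        events.append(Event(case, activity, actor, role))
    return events


def group_by_case(events):
    """Group events into one trace per case, preserving log order."""
    traces = defaultdict(list)
    for e in events:
        traces[e.case].append(e)
    return traces


def check_trace(case, trace, policy=POLICY):
    """Replay one case through the policy; return every deviation found."""
    alerts = []
    flow, roles = policy["flow"], policy["roles"]
    actors = {}   # activity -> actor, for the separation-of-duty check
    prev = None
    for i, e in enumerate(trace):
        if e.activity not in flow:
            alerts.append(Alert(case, e.activity, "activity not in workflow model"))
            prev = e.activity
            continue
        if i == 0 and e.activity != policy["start"]:
            alerts.append(Alert(case, e.activity, f"case did not start with {policy['start']}"))
        elif i > 0 and prev not in flow[e.activity]:
            alerts.append(Alert(case, e.activity, f"not allowed after {prev}"))
        if e.role not in roles[e.activity]:
            alerts.append(Alert(case, e.activity, f"role {e.role} not permitted"))
        actors[e.activity] = e.actor
        prev = e.activity
    for a, b in policy["separation_of_duty"]:
        if a in actors and b in actors and actors[a] == actors[b]:
            alerts.append(Alert(case, b, f"same actor {actors[a]} performed {a} and {b}"))
    return alerts


def detect(lines, policy=POLICY):
    """Run the conformance check over a whole log; alerts are ordered by case."""
    traces = group_by_case(parse_log(lines))
    alerts = []
    for case in sorted(traces):
        alerts.extend(check_trace(case, traces[case], policy))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.case} {a.activity}: {a.reason}")
```

Every deviation from the model raises an alert, so the false-alert rate depends directly on how complete the policy is: an activity or role that is legitimate but missing from the model is reported as an intrusion. In practice the model would be discovered from known-good logs with workflow-mining techniques and reviewed by the process owner before being enforced.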
Published in | American Journal of Computer Science and Technology (Volume 2, Issue 2)
DOI | 10.11648/j.ajcst.20190202.12
Page(s) | 27-34
Creative Commons | This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.
Copyright | Copyright © The Author(s), 2019. Published by Science Publishing Group
Keywords | Information System Security, Intrusion Detection, False Positive Rate, Workflow Mining
APA Style
Nkondock Mi Bahanag Nicolas, Georges Bell Bitjoka, Emvudu Yves. (2019). A Framework for Intrusion Detection Based on Workflow Mining. American Journal of Computer Science and Technology, 2(2), 27-34. https://doi.org/10.11648/j.ajcst.20190202.12
ACS Style
Nkondock Mi Bahanag Nicolas; Georges Bell Bitjoka; Emvudu Yves. A Framework for Intrusion Detection Based on Workflow Mining. Am. J. Comput. Sci. Technol. 2019, 2(2), 27-34. doi: 10.11648/j.ajcst.20190202.12
AMA Style
Nkondock Mi Bahanag Nicolas, Georges Bell Bitjoka, Emvudu Yves. A Framework for Intrusion Detection Based on Workflow Mining. Am J Comput Sci Technol. 2019;2(2):27-34. doi: 10.11648/j.ajcst.20190202.12
BibTeX
@article{10.11648/j.ajcst.20190202.12,
  author  = {Nkondock Mi Bahanag Nicolas and Georges Bell Bitjoka and Emvudu Yves},
  title   = {A Framework for Intrusion Detection Based on Workflow Mining},
  journal = {American Journal of Computer Science and Technology},
  volume  = {2},
  number  = {2},
  pages   = {27-34},
  year    = {2019},
  doi     = {10.11648/j.ajcst.20190202.12},
  url     = {https://doi.org/10.11648/j.ajcst.20190202.12},
  eprint  = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajcst.20190202.12}
}
RIS
TY  - JOUR
T1  - A Framework for Intrusion Detection Based on Workflow Mining
AU  - Nkondock Mi Bahanag Nicolas
AU  - Georges Bell Bitjoka
AU  - Emvudu Yves
Y1  - 2019/09/23
PY  - 2019
N1  - https://doi.org/10.11648/j.ajcst.20190202.12
DO  - 10.11648/j.ajcst.20190202.12
T2  - American Journal of Computer Science and Technology
JF  - American Journal of Computer Science and Technology
JO  - American Journal of Computer Science and Technology
SP  - 27
EP  - 34
VL  - 2
IS  - 2
PB  - Science Publishing Group
SN  - 2640-012X
UR  - https://doi.org/10.11648/j.ajcst.20190202.12
ER  - 