Peer-Reviewed

A Framework for Intrusion Detection Based on Workflow Mining

Received: 6 August 2019     Accepted: 6 September 2019     Published: 23 September 2019
Abstract

Information systems handle large amounts of data within enterprises by offering the possibility to collect, process, store and make information available. To achieve this, it is crucial to protect data from intrusions that compromise its confidentiality, availability and integrity. This integrity must follow the strategic alignment of the considered enterprise. Unfortunately, the goal of attackers is to affect the resources present in the system. Research in the intrusion detection field is still in search of proposals for relevant problems. Many solutions exist that rely on machine learning and data mining models. Nevertheless, these solutions, based on the signature and behaviour approaches to intrusion detection, focus on data and lack a global view of processes. The aim of this paper is to use workflow mining for host-based intrusion detection by monitoring workflow event logs related to resources. With workflow mining, process executions are stored in event logs, and intrusions can be detected by analysing these logs against a well-defined security policy. To achieve our goal, step by step, we start with the specification of the different concepts manipulated. Afterwards, we provide a model of the security policy and a model of intrusion detection that enables us to obtain a low rate of false alerts. Finally, we implement the solution as a prototype to observe how it works.
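The detection idea sketched in the abstract, checking each recorded process execution against a security policy rather than inspecting individual data items, can be illustrated with a small conformance check over an event log. The example below is added here and is not the paper's model or prototype: it assumes a hypothetical order-handling workflow, a hand-written policy (allowed activity transitions, role-to-activity permissions and one separation-of-duty rule) and a constructed event log with one conforming case, one case that skips the approval step, one case where a clerk approves its own order, and one case that is simply still in progress.

```python
"""Conformance-style intrusion detection over a workflow event log.

Added illustration only: NOT the paper's model or prototype. The workflow,
the policy tables and the event log below are all hypothetical/constructed.
"""
from collections import defaultdict

# Hypothetical process model expressed as allowed transitions between
# activities. START and END are synthetic markers for trace boundaries.
ALLOWED_TRANSITIONS = {
    "START": {"create_order"},
    "create_order": {"approve_order"},
    "approve_order": {"ship_order", "cancel_order"},
    "ship_order": {"invoice"},
    "cancel_order": {"END"},
    "invoice": {"END"},
}

# Hypothetical access policy: which role may perform which activity.
ROLE_PERMISSIONS = {
    "clerk": {"create_order", "cancel_order"},
    "manager": {"approve_order", "cancel_order"},
    "warehouse": {"ship_order"},
    "finance": {"invoice"},
}

# Separation of duty: the same user must not perform both activities of a pair.
SEPARATION_OF_DUTY = [("create_order", "approve_order")]

# Constructed event log, one event per line: (case_id, activity, user, role).
EVENT_LOG = [
    ("c1", "create_order", "alice", "clerk"),
    ("c1", "approve_order", "bob", "manager"),
    ("c1", "ship_order", "carol", "warehouse"),
    ("c1", "invoice", "dan", "finance"),
    # c2: goods are shipped without the approval step (control skipped)
    ("c2", "create_order", "alice", "clerk"),
    ("c2", "ship_order", "carol", "warehouse"),
    ("c2", "invoice", "dan", "finance"),
    # c3: a clerk account approves its own order (role + separation of duty)
    ("c3", "create_order", "eve", "clerk"),
    ("c3", "approve_order", "eve", "clerk"),
    ("c3", "ship_order", "carol", "warehouse"),
    ("c3", "invoice", "dan", "finance"),
    # c4: a case still in progress; not an intrusion by itself
    ("c4", "create_order", "alice", "clerk"),
]


def group_traces(log):
    """Replay the log into one ordered trace per case (workflow instance)."""
    traces = defaultdict(list)
    for case_id, activity, user, role in log:
        traces[case_id].append((activity, user, role))
    return traces


def check_trace(case_id, trace, require_completion=False):
    """Return the policy violations found in one trace (empty list = conforms)."""
    alerts = []
    prev = "START"
    performer = {}  # activity -> user, used for the separation-of-duty rule
    for activity, user, role in trace:
        # Control-flow conformance: is this step allowed after the previous one?
        if activity not in ALLOWED_TRANSITIONS.get(prev, set()):
            alerts.append(f"{case_id}: unexpected transition {prev} -> {activity}")
        # Resource conformance: may this role perform this activity at all?
        if activity not in ROLE_PERMISSIONS.get(role, set()):
            alerts.append(f"{case_id}: role {role} ({user}) not allowed to {activity}")
        performer[activity] = user
        prev = activity
    for first, second in SEPARATION_OF_DUTY:
        if first in performer and performer[first] == performer.get(second):
            alerts.append(
                f"{case_id}: separation of duty broken: {performer[first]} did {first} and {second}"
            )
    # Incomplete traces are only flagged on request, so open cases do not
    # become false alerts during normal operation.
    if require_completion and "END" not in ALLOWED_TRANSITIONS.get(prev, set()):
        alerts.append(f"{case_id}: trace ends after {prev} without reaching an end state")
    return alerts


def detect_intrusions(log, require_completion=False):
    """Check every case in the log; return {case_id: [alerts]} for offenders only."""
    findings = {}
    for case_id, trace in group_traces(log).items():
        alerts = check_trace(case_id, trace, require_completion)
        if alerts:
            findings[case_id] = alerts
    return findings


if __name__ == "__main__":
    for case_id, alerts in detect_intrusions(EVENT_LOG).items():
        for alert in alerts:
            print("ALERT", alert)
```

Run as a script it reports c2 (approval skipped) and c3 (clerk approving its own order, which trips both the role rule and the separation-of-duty rule) and stays silent on c1 and on the still-open c4. The `require_completion` switch shows where false alerts come from in this style of detection: if unfinished cases are treated as violations, every in-flight workflow instance raises an alert, so completion should only be checked once a case has timed out or been closed.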

Published in American Journal of Computer Science and Technology (Volume 2, Issue 2)
DOI 10.11648/j.ajcst.20190202.12
Page(s) 27-34
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2019. Published by Science Publishing Group

Keywords

Information System Security, Intrusion Detection, False Positive Rate, Workflow Mining

Cite This Article
  • APA Style

    Nkondock Mi Bahanag Nicolas, Georges Bell Bitjoka, Emvudu Yves. (2019). A Framework for Intrusion Detection Based on Workflow Mining. American Journal of Computer Science and Technology, 2(2), 27-34. https://doi.org/10.11648/j.ajcst.20190202.12


    ACS Style

    Nkondock Mi Bahanag Nicolas; Georges Bell Bitjoka; Emvudu Yves. A Framework for Intrusion Detection Based on Workflow Mining. Am. J. Comput. Sci. Technol. 2019, 2(2), 27-34. doi: 10.11648/j.ajcst.20190202.12


    AMA Style

    Nkondock Mi Bahanag Nicolas, Georges Bell Bitjoka, Emvudu Yves. A Framework for Intrusion Detection Based on Workflow Mining. Am J Comput Sci Technol. 2019;2(2):27-34. doi: 10.11648/j.ajcst.20190202.12


  • @article{10.11648/j.ajcst.20190202.12,
      author = {Nkondock Mi Bahanag Nicolas and Georges Bell Bitjoka and Emvudu Yves},
      title = {A Framework for Intrusion Detection Based on Workflow Mining},
      journal = {American Journal of Computer Science and Technology},
      volume = {2},
      number = {2},
      pages = {27-34},
      doi = {10.11648/j.ajcst.20190202.12},
      url = {https://doi.org/10.11648/j.ajcst.20190202.12},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajcst.20190202.12},
     year = {2019}
    }
    


  • TY  - JOUR
    T1  - A Framework for Intrusion Detection Based on Workflow Mining
    AU  - Nkondock Mi Bahanag Nicolas
    AU  - Georges Bell Bitjoka
    AU  - Emvudu Yves
    Y1  - 2019/09/23
    PY  - 2019
    N1  - https://doi.org/10.11648/j.ajcst.20190202.12
    DO  - 10.11648/j.ajcst.20190202.12
    T2  - American Journal of Computer Science and Technology
    JF  - American Journal of Computer Science and Technology
    JO  - American Journal of Computer Science and Technology
    SP  - 27
    EP  - 34
    PB  - Science Publishing Group
    SN  - 2640-012X
    UR  - https://doi.org/10.11648/j.ajcst.20190202.12
    VL  - 2
    IS  - 2
    ER  - 


Author Information
  • Department of Computer Science, Faculty of Science, University of Yaounde I, Yaounde, Cameroon

  • Department Telecommunications, National Advanced School of Engineering, University of Yaounde I, Yaounde, Cameroon

  • Department of Computer Science, Faculty of Science, University of Yaounde I, Yaounde, Cameroon
