Process mining and security: detecting anomalous process executions and checking process conformance

W.M.P. Aalst, van der; A.K. Alves De Medeiros

Process mining and security: detecting anomalous process executions and checking process conformance

W.M.P. Aalst, van der, A.K. Alves De Medeiros

Information Systems IE&IS

Research output: Contribution to journal › Article › Academic › peer-review

88 Citations (Scopus)

2 Downloads (Pure)

Abstract

One approach to secure systems is through the analysis of audit trails. An audit trail is a record of all events that take place in a system and across a network, i.e., it provides a trace of user/system actionssothatsecurityeventscanberelatedtotheactionsofaspecific individual or system component. Audit trails can be inspected for the presence or absence of certain patterns. This paper advocates the use of process mining techniques to analyze audit trails for security violations. It is shown how a specific algorithm, called the a-algorithm, can be used to support security efforts at various levels ranging from low-level intrusion detection to high-level fraud prevention.

Original language	English
Pages (from-to)	3-21
Journal	Electronic Notes in Theoretical Computer Science
Volume	121
Publication status	Published - 2005

Fingerprint Dive into the research topics of 'Process mining and security: detecting anomalous process executions and checking process conformance'. Together they form a unique fingerprint.

Cite this

@article{7f8ef7ae070240bcabcef75703092b33,

title = "Process mining and security: detecting anomalous process executions and checking process conformance",

abstract = "One approach to secure systems is through the analysis of audit trails. An audit trail is a record of all events that take place in a system and across a network, i.e., it provides a trace of user/system actionssothatsecurityeventscanberelatedtotheactionsofaspecific individual or system component. Audit trails can be inspected for the presence or absence of certain patterns. This paper advocates the use of process mining techniques to analyze audit trails for security violations. It is shown how a specific algorithm, called the a-algorithm, can be used to support security efforts at various levels ranging from low-level intrusion detection to high-level fraud prevention.",

author = "{Aalst, van der}, W.M.P. and {Alves De Medeiros}, A.K.",

year = "2005",

language = "English",

volume = "121",

pages = "3--21",

journal = "Electronic Notes in Theoretical Computer Science",

issn = "1571-0661",

publisher = "Elsevier",

}

TY - JOUR

T1 - Process mining and security: detecting anomalous process executions and checking process conformance

AU - Aalst, van der, W.M.P.

AU - Alves De Medeiros, A.K.

PY - 2005

Y1 - 2005

N2 - One approach to secure systems is through the analysis of audit trails. An audit trail is a record of all events that take place in a system and across a network, i.e., it provides a trace of user/system actionssothatsecurityeventscanberelatedtotheactionsofaspecific individual or system component. Audit trails can be inspected for the presence or absence of certain patterns. This paper advocates the use of process mining techniques to analyze audit trails for security violations. It is shown how a specific algorithm, called the a-algorithm, can be used to support security efforts at various levels ranging from low-level intrusion detection to high-level fraud prevention.

AB - One approach to secure systems is through the analysis of audit trails. An audit trail is a record of all events that take place in a system and across a network, i.e., it provides a trace of user/system actionssothatsecurityeventscanberelatedtotheactionsofaspecific individual or system component. Audit trails can be inspected for the presence or absence of certain patterns. This paper advocates the use of process mining techniques to analyze audit trails for security violations. It is shown how a specific algorithm, called the a-algorithm, can be used to support security efforts at various levels ranging from low-level intrusion detection to high-level fraud prevention.

M3 - Article

VL - 121

SP - 3

EP - 21

JO - Electronic Notes in Theoretical Computer Science

JF - Electronic Notes in Theoretical Computer Science

SN - 1571-0661

ER -