Towards a systematic process-aware behavioral analysis for security

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

Abstract

Nowadays, security is a key concern for organizations. An increasingly popular solution to enhance security in organizational settings is the adoption of anomaly detection systems. These systems raise an alert when an abnormal behavior is detected, upon which proper measures have to be taken. A well-known drawback of these solutions is that the underlying detection engine is a black box, i.e., the behavioral profiles used for detections are encoded in some mathematical model that is challenging to understand for human analysts or, in some cases, is not even accessible. Therefore, anomaly detection systems often fail in supporting analysts in understanding what is happening in the system and how to respond to detected security threats. In this work, we investigate the use of process analysis techniques to build behavioral models understandable by human analysts. We also delineate a systematic methodology for process-aware behaviors analysis and discuss the findings obtained by applying such a methodology to a real-world event log.

Original language: English
Title of host publication: Proceedings of the 15th International Joint Conference on e-Business and Telecommunications
Editors: Angel Serrano Sanchez de Leon, Paulo Novais, Sebastiano Battiato, Panagiotis Sarigiannidis, Mohammad S. Obaidat, Mohammad S. Obaidat, Christian Callegari, Marten van Sinderen, Pascal Lorenz
Place of Publication: Setúbal
Publisher: SCITEPRESS-Science and Technology Publications, Lda.
Pages: 460-469
Number of pages: 10
ISBN (Electronic): 978-989-758-319-3
DOI: https://doi.org/10.5220/0006944604600469
Publication status: Published - 1 Jan 2018
Event: 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 - Porto, Portugal
Duration: 26 Jul 2018 - 28 Jul 2018

Conference

Conference: 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018
Country: Portugal
City: Porto
Period: 26/07/18 - 28/07/18

Keywords

  • Behavior Analysis
  • Process Mining

Cite this

Genga, L., & Zannone, N. (2018). Towards a systematic process-aware behavioral analysis for security. In A. S. S. de Leon, P. Novais, S. Battiato, P. Sarigiannidis, M. S. Obaidat, M. S. Obaidat, C. Callegari, M. van Sinderen, ... P. Lorenz (Eds.), Proceedings of the 15th International Joint Conference on e-Business and Telecommunications (pp. 460-469). Setúbal: SCITEPRESS-Science and Technology Publications, Lda. https://doi.org/10.5220/0006944604600469