Abstract
Nowadays, security is a key concern for organizations. An increasingly popular solution to enhance security in organizational settings is the adoption of anomaly detection systems. These systems raise an alert when abnormal behavior is detected, upon which proper measures have to be taken. A well-known drawback of these solutions is that the underlying detection engine is a black box, i.e., the behavioral profiles used for detection are encoded in some mathematical model that is challenging for human analysts to understand or, in some cases, is not even accessible. Therefore, anomaly detection systems often fail to support analysts in understanding what is happening in the system and how to respond to detected security threats. In this work, we investigate the use of process analysis techniques to build behavioral models understandable by human analysts. We also delineate a systematic methodology for process-aware behavior analysis and discuss the findings obtained by applying this methodology to a real-world event log.
Original language | English |
---|---|
Title of host publication | Proceedings of the 15th International Joint Conference on e-Business and Telecommunications |
Editors | Angel Serrano Sanchez de Leon, Paulo Novais, Sebastiano Battiato, Panagiotis Sarigiannidis, Mohammad S. Obaidat, Christian Callegari, Marten van Sinderen, Pascal Lorenz |
Place of Publication | Setúbal |
Publisher | SciTePress Digital Library |
Pages | 460-469 |
Number of pages | 10 |
ISBN (Electronic) | 978-989-758-319-3 |
Publication status | Published - 1 Jan 2018 |
Event | 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 - Porto, Portugal. Duration: 26 Jul 2018 → 28 Jul 2018 |
Conference
Conference | 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 |
---|---|
Country/Territory | Portugal |
City | Porto |
Period | 26/07/18 → 28/07/18 |
Funding
This work is partially supported by ITEA3 through the APPSTACLE project (15017) and by ECSEL through the SECREDAS project.
Keywords
- Behavior Analysis
- Process Mining