Monitoring of Network to Analyze the Traffic and Analysis of Audit Trails Using Process Mining

  • Ved Prakash Mishra (corresponding author)
  • Balvinder Shukla
  • Abhay Bansal
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 958)

Abstract

Network monitoring is an essential part of the current digital world: traffic in organizational networks is analyzed to detect intrusions and cyber-attacks. Many approaches have been used for intrusion detection systems so far, but network administrators still face problems due to false alarms. In this manuscript, we have monitored an organization's network in real time for analysis. We have also compared the different data mining approaches used for intrusion detection and for detecting malicious activities in a database using a log mining approach. A model is proposed that uses a process mining approach to detect malicious transactions in the database automatically. The process mining approach can help reduce false positive alarms compared with current intrusion detection and prevention systems. To implement the process mining concept, audit trails of a road traffic fine management process were collected and analyzed to generate the processes using the ProM tool.
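As an added illustration of the process mining idea in the abstract (example code, not the paper's own), the following Python discovers a directly-follows model from a constructed audit trail of a fine management process and then flags new transactions whose behaviour that model never saw; the event log, case ids and activity names are assumptions.

```python
# Added example (not the paper's code): discover a process model from an audit
# trail and check new traces against it, flagging deviating transactions.
from collections import defaultdict

# Constructed audit trail resembling a road traffic fine management process:
# (case id, activity), in the order the events were recorded.
AUDIT_TRAIL = [
    ("F1", "Create Fine"), ("F1", "Send Fine"), ("F1", "Insert Fine Notification"),
    ("F1", "Add Penalty"), ("F1", "Payment"),
    ("F2", "Create Fine"), ("F2", "Payment"),
    ("F3", "Create Fine"), ("F3", "Send Fine"), ("F3", "Insert Fine Notification"),
    ("F3", "Add Penalty"), ("F3", "Send for Credit Collection"),
    ("F4", "Create Fine"), ("F4", "Send Fine"), ("F4", "Payment"),
]

def traces_from_log(log):
    """Group events by case id, in recording order, into one trace per case."""
    traces = defaultdict(list)
    for case, activity in log:
        traces[case].append(activity)
    return dict(traces)

def discover_model(traces):
    """Directly-follows relation plus allowed start/end activities of normal behaviour."""
    follows, starts, ends = set(), set(), set()
    for trace in traces.values():
        starts.add(trace[0])
        ends.add(trace[-1])
        follows.update(zip(trace, trace[1:]))
    return {"follows": follows, "starts": starts, "ends": ends}

def check_conformance(model, trace):
    """Deviations of a trace from the model; an empty list means it conforms."""
    deviations = []
    if trace[0] not in model["starts"]:
        deviations.append(f"unexpected start: {trace[0]}")
    for a, b in zip(trace, trace[1:]):
        if (a, b) not in model["follows"]:
            deviations.append(f"unseen transition: {a} -> {b}")
    if trace[-1] not in model["ends"]:
        deviations.append(f"unexpected end: {trace[-1]}")
    return deviations

MODEL = discover_model(traces_from_log(AUDIT_TRAIL))

if __name__ == "__main__":
    # A normal fine, and one where a payment appears before the fine was created.
    for t in (["Create Fine", "Send Fine", "Payment"], ["Payment", "Create Fine"]):
        print(t, check_conformance(MODEL, t) or "conforms")
```

A deviating trace is a candidate for review, not proof of an attack; in practice the model is mined from a trusted baseline period and re-discovered as the legitimate process changes.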

Keywords

Process mining, Log events, Data mining, Network monitoring, Intrusion detection, Security

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Ved Prakash Mishra (1, corresponding author)
  • Balvinder Shukla (2)
  • Abhay Bansal (2)

  1. Department of Computer Science and Engineering, Amity University, Dubai, UAE
  2. Amity University, Noida, India