Process Mining and Security: Visualization in Database Intrusion Detection

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7299)

Abstract

Nowadays, more and more organizations keep their valuable and sensitive data in Database Management Systems (DBMSs). Traditional database security mechanisms such as access control mechanisms, authentication, and data encryption technologies do not offer strong enough protection against the exploitation of vulnerabilities (e.g. intrusions) in DBMSs by insiders. Intrusion detection systems recently proposed in the literature focus on statistical approaches, which are not intuitive. Our research is the first ever effort to use process mining to model low-level event logs for database intrusion detection. We have proposed a novel approach for visualizing database intrusion detection using process mining techniques. Our experiments showed that intrusion detection visualization will be able to help security officers, who might not know the complex system deeply, identify the true positive detections and eliminate the false positive results.

Keywords

  • Process mining
  • intrusion detection visualization
  • intrusion detection
  • database intrusion detection
  • event log
  • security
  • conformance

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huynh, V.H., Le, A.N.T. (2012). Process Mining and Security: Visualization in Database Intrusion Detection. In: Chau, M., Wang, G.A., Yue, W.T., Chen, H. (eds) Intelligence and Security Informatics. PAISI 2012. Lecture Notes in Computer Science, vol 7299. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30428-6_7

  • DOI: https://doi.org/10.1007/978-3-642-30428-6_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30427-9

  • Online ISBN: 978-3-642-30428-6

  • eBook Packages: Computer Science, Computer Science (R0)