A Framework for Intrusion Detection Based on Workflow Mining
American Journal of Computer Science and Technology
Volume 2, Issue 2, June 2019, Pages: 27-34
Received: Aug. 6, 2019; Accepted: Sep. 6, 2019; Published: Sep. 23, 2019
Authors
Nkondock Mi Bahanag Nicolas, Department of Computer Science, Faculty of Science, University of Yaounde I, Yaounde, Cameroon
Georges Bell Bitjoka, Department Telecommunications, National Advanced School of Engineering, University of Yaounde I, Yaounde, Cameroon
Emvudu Yves, Department of Computer Science, Faculty of Science, University of Yaounde I, Yaounde, Cameroon
Abstract
Information systems handle large amounts of data within enterprises by offering the possibility to collect, process, store and make information available. To achieve this, it is crucial to secure data against intrusions that disturb the confidentiality, availability, and integrity of data. This integrity must follow the strategic alignment of the enterprise under consideration. Unfortunately, the goal of attackers is to affect the resources present in the system. Research in the intrusion detection field is still in search of proposals for relevant problems. Many solutions exist that rely on machine learning and data mining models. Nevertheless, these solutions, based on the signature and behaviour approaches to intrusion detection, focus on the data and do not have a global view of processes. The aim of this paper is to use workflow mining for host-based intrusion detection by monitoring workflow event logs related to resources. With workflow mining, process executions are stored in event logs, and intrusions can be detected by analysing these logs against a well-defined security policy. To achieve our goal, we proceed step by step: we start with the specification of the different concepts manipulated. Afterwards, we provide a model of the security policy and a model of intrusion detection that enables us to obtain a low rate of false alerts. Finally, we implement the solution as a prototype to observe how it works.
Keywords
Information System Security, Intrusion Detection, False Positive Rate, Workflow Mining
To cite this article
Nkondock Mi Bahanag Nicolas, Georges Bell Bitjoka, Emvudu Yves, A Framework for Intrusion Detection Based on Workflow Mining, American Journal of Computer Science and Technology. Vol. 2, No. 2, 2019, pp. 27-34. doi: 10.11648/j.ajcst.20190202.12
Copyright
Copyright © 2019 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Publisher: Science Publishing Group