TY - GEN
T1 - Challenges in IT Security Processes and Solution Approaches with Process Mining
AU - Sundararaj, Aynesh
AU - Knittl, Silvia
AU - Grossklags, Jens
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
AB - Process mining is a rapidly developing field of data science currently focusing on business processes. The approach involves many techniques that may contribute to cyber security analysis as well. In particular, the measurement of deviations from a defined process is a central topic in process mining, and could find application in the context of IT security. In this paper, we present a solution approach for IT security with process mining, which is based on experiments that we conducted on an Identity and Access Management (IAM) scenario. We have designed and implemented an appropriate lifelike environment and use cases to demonstrate both the suitability and limitations of process mining for cyber security processes. While process mining can detect deviations from cyber processes very well, not all deviations are relevant for security. Thus, more research on how to incorporate threat analysis into process mining will be necessary in the future.
KW - Conformance checking
KW - IT Security Process
KW - Process mining
UR - http://www.scopus.com/inward/record.url?scp=85092126966&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-59817-4_8
DO - 10.1007/978-3-030-59817-4_8
M3 - Conference contribution
AN - SCOPUS:85092126966
SN - 9783030598167
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 123
EP - 138
BT - Security and Trust Management - 16th International Workshop, STM 2020, Proceedings
A2 - Markantonakis, Konstantinos
A2 - Petrocchi, Marinella
PB - Springer Science and Business Media Deutschland GmbH
T2 - 16th International Workshop on Security and Trust Management, STM 2020, held in conjunction with the 25th European Symposium on Research in Computer Security, ESORICS 2020
Y2 - 17 September 2020 through 18 September 2020
ER -
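The abstract's central point is conformance checking: replay an event log against a defined process, collect the deviations, and then note that only some of those deviations matter for security. The following is an added example, not code from the paper or its authors, showing the two layers on a small Identity and Access Management provisioning process. The reference process (request, approve, provision, notify, with rejection as an alternative), the event log, and the relevance rules are all constructed assumptions for illustration; they do not reproduce the paper's environment or use cases.

```python
"""Conformance checking of an IAM provisioning event log against a
reference process, followed by a threat-relevance triage of the
deviations. Added example; the reference process, the event log and
the triage rules are constructed assumptions, not taken from the paper."""

from dataclasses import dataclass

# Assumed reference process: each activity maps to its allowed successors.
# "start" and "end" are pseudo-states used only by the replay.
REFERENCE_PROCESS = {
    "start":             {"request_access"},
    "request_access":    {"approve_access", "reject_access"},
    "approve_access":    {"provision_account"},
    "provision_account": {"notify_user"},
    "notify_user":       {"end"},
    "reject_access":     {"end"},
}
ACTIVITIES = set(REFERENCE_PROCESS) - {"start"}

# Constructed sample log: case id -> ordered list of observed activities.
EVENT_LOG = {
    "c1": ["request_access", "approve_access", "provision_account", "notify_user"],
    "c2": ["request_access", "approve_access", "provision_account"],
    "c3": ["request_access", "provision_account", "notify_user"],
    "c4": ["request_access", "reject_access"],
    "c5": ["request_access", "approve_access", "provision_account",
           "reset_password", "notify_user"],
}


@dataclass
class Deviation:
    case_id: str
    kind: str            # "unexpected", "incomplete" or "unknown"
    activity: str        # activity (or last reached state) that triggered it
    detail: str
    security_relevant: bool = False


def replay(case_id, trace):
    """Conformance layer: walk the trace through the reference process and
    record every point where the observed behaviour leaves the model."""
    deviations = []
    state = "start"
    for activity in trace:
        if activity not in ACTIVITIES:
            deviations.append(Deviation(case_id, "unknown", activity,
                                        f"{activity!r} is not a modelled activity"))
            continue                      # keep the current state
        if activity not in REFERENCE_PROCESS[state]:
            deviations.append(Deviation(case_id, "unexpected", activity,
                                        f"{activity!r} observed after {state!r}"))
        state = activity                  # resynchronise on what was observed
    if "end" not in REFERENCE_PROCESS.get(state, set()):
        deviations.append(Deviation(case_id, "incomplete", state,
                                    f"trace stops at {state!r}"))
    return deviations


def is_security_relevant(dev, trace):
    """Threat-analysis layer (assumed rules): decide which deviations matter.
    This is the part the abstract says still needs research; here it is a
    hand-written rule set standing in for a real threat model."""
    if dev.kind == "unexpected" and dev.activity == "provision_account":
        # An entitlement was granted without a preceding approval step.
        before = trace[:trace.index("provision_account")]
        return "approve_access" not in before
    if dev.kind == "unknown":
        # Activity outside the modelled process during provisioning: treat
        # as relevant until a human has looked at it.
        return True
    # Skipped notification, early termination, reordered bookkeeping: benign.
    return False


def check_log(log):
    """Return {case_id: [Deviation, ...]} with security relevance filled in."""
    result = {}
    for case_id, trace in log.items():
        devs = replay(case_id, trace)
        for d in devs:
            d.security_relevant = is_security_relevant(d, trace)
        result[case_id] = devs
    return result


def summarise(result):
    """(total deviations, security-relevant deviations) over the whole log."""
    total = sum(len(devs) for devs in result.values())
    relevant = sum(d.security_relevant for devs in result.values() for d in devs)
    return total, relevant


if __name__ == "__main__":
    findings = check_log(EVENT_LOG)
    for case_id, devs in findings.items():
        for d in devs:
            flag = "SECURITY" if d.security_relevant else "benign  "
            print(f"{case_id} {flag} {d.kind:<10} {d.detail}")
    print("total / relevant:", summarise(findings))
```

On the constructed log, the replay flags three deviations (c2 never notifies the user, c3 provisions an account straight after the request, c5 contains an unmodelled activity), but the triage layer marks only two of them as security-relevant; the missing notification in c2 is a process defect, not an access-control problem. That gap between "deviates from the model" and "matters for security" is exactly what the abstract identifies as the open question.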