Process Mining and Security: Visualization in Database Intrusion Detection

Huynh, Viet; Le, An N. T.

doi:10.1007/978-3-642-30428-6_7

Cited by 5 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A novel approach for visualizing database intrusion detection using process mining techniques modelling low-level event logs has been proposed [19]. The visualization will be able to help security officers who might not know deeply the complex system, identify the true positive detection and eliminate the false positive results [19].…”

Section: Research Resultsmentioning

confidence: 99%

Section: Research Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Systematic review on process mining and security

Kelemen¹

2018

ocg

View full text Add to dashboard Cite

Security is an important issue that every organisation should address. One approach to secure systems could be the use of process mining techniques. Process mining is an emerging discipline which can extract knowledge from event logs that are available in information systems. In the security context, process mining is used to analyse security trails to detect anomalies in process execution. While some of the data mining projects are already implemented in banking, insurance and telecom sector the interesting question is: What is happening in public sector? This paper investigates the research on process mining techniques in security domain and tries to discover the examples of its implementation especially in public sector. The systematic review has been conducted in order to give an overview of state-of-the-art process mining techniques used in security context, to classify the main areas of development, algorithms, tools and to identify possible future research course.

show abstract

Section: Research Resultsmentioning

confidence: 99%

Section: Research Resultsmentioning

confidence: 99%

Systematic review on process mining and security

Kelemen¹

2018

ocg

View full text Add to dashboard Cite

show abstract

“…Moreover, there is also the danger posed by insider threats. A legitimate user with malicious intent is a more serious threat than a user with limited privileges [13]. Threats from the outside can be alleviated by defensive programming techniques, but those from the inside can be mitigated by these.…”

Section: Introductionmentioning

confidence: 98%

“…Companies and organizations managing such data need to provide strong guarantees about the confidentiality of these data to comply with legal regulations and policies [2]. Although access control mechanisms are intact right from the deployment of an RDBMS, these alone are not enough to mitigate and defend from malicious attacks [13].…”

Section: Introductionmentioning

confidence: 99%

Anomalous query access detection in RBAC-administered databases with random forest and PCA

Ronao

Cho

2016

Information Sciences

View full text Add to dashboard Cite

“…Illegal tampering or misuse of these data will not only cost companies and organizations huge monetary losses, but also incur customer damages and legal sanctions. While RDBMS provides efficient and systematic storage of data, its traditional security mechanisms, however, are not enough to protect from malicious threats [2]. An important component of a strong security framework able to protect sensitive data in these databases is an intrusion detection system (IDS).…”

Section: Introductionmentioning

confidence: 99%

Mining SQL Queries to Detect Anomalous Database Access using Random Forest and PCA

Ronao

Cho

2015

Current Approaches in Applied Artificial Intelligence

View full text Add to dashboard Cite

Abstract. Data have become a very important asset to many organizations, companies, and individuals, and thus, the security of relational databases that encapsulate these data has become a major concern. Standard database security mechanisms, as well as network-based and host-based intrusion detection systems, have been rendered inept in detecting malicious attacks directed specifically to databases. Therefore, there is an imminent need in developing an intrusion detection system (IDS) specifically for the database. In this paper, we propose the use of the random forest (RF) algorithm as the anomaly detection core mechanism, in conjunction with principal components analysis (PCA) for the task of dimension reduction. Experiments show that PCA produces a very compact, meaningful set of features, while RF, a graphical method that is most likely to exploit the inherent tree-structure characteristic of SQL queries, exhibits a consistently good performance in terms of false positive rate, false negative rate, and time complexity, even with varying number of features.

show abstract

Process Mining and Security: Visualization in Database Intrusion Detection

Cited by 5 publications

References 10 publications

Systematic review on process mining and security

Systematic review on process mining and security

Anomalous query access detection in RBAC-administered databases with random forest and PCA

Mining SQL Queries to Detect Anomalous Database Access using Random Forest and PCA

Contact Info

Product

Resources

About