Differences

This shows you the differences between two versions of the page.

Link to this comparison view

blogs:pub2005:process_mining_and_security_detecting_anomalous_process_executions_and_checking_process_conformance [2009/05/25 12:15] (current)
Line 1: Line 1:
 +====== Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance ======
 +
 +W.M.P. van der Aalst and A.K.A. de Medeiros\\
 +//​Electronic Notes in Theoretical Computer Science, 121:3-21, 2005//\\
 +
 +===== Abstract =====
 +
 +One approach to secure systems is through the analysis of
 +audit trails. An audit trail is a record of all events that take place in
 +a system and across a network, i.e., it provides a trace of user/system
 +actions so that security events can be related to the actions of a specific
 +individual or system component. Audit trails can be inspected for the
 +presence or absence of certain patterns. This paper advocates the use of
 +process mining techniques to analyze audit trails for security violations. It
 +is shown how a specific algorithm, called the α-algorithm,​ can be used to
 +support security efforts at various levels ranging from low-level intrusion
 +detection to high-level fraud prevention.
 +
 +===== Links =====
 +
 +{{publications:​Aalst2005b.pdf|Download PDF}} (509 KB)
 +
 +
 +