Process Mining in Intrusion Detection-The Need of Current Digital World

  • Ved Prakash Mishra
  • Balvinder Shukla
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 712)


In the current digital age, all Internet and network users, as well as organizations, suffer from intrusions that result in the theft or loss of data and information. In the present manuscript the concept of an intrusion detection system (IDS) is discussed along with its types and basic approaches. It is found that signature analysis, expert systems, data mining, etc. are still used for IDS. A survey of cybercrime incidents across various industry sectors is given. After analyzing the attacks on the networks of organizations in different industry sectors, it is found that attacks such as DDoS are still not preventable. A comparison of the data mining algorithms used for intrusion detection is also made. Various methods to implement these algorithms, along with their advantages and disadvantages, are also discussed in detail. Because of disadvantages such as overfitting, slow testing speed and unstable algorithms, intruders in the network remain active. To avert these shortcomings there is a need to develop a real-time intrusion detection and prevention system through which data and information can be protected in real time, before a severe loss is experienced. Real-time prevention is possible only if alerts are received instantly, without delay. For this purpose, process mining could be used: this technique gives instant alerts with real-time analysis so as to prevent intrusions and data loss.
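As an added illustration of the process-mining approach the abstract proposes (example code, not from the paper): a directly-follows model is discovered from a constructed baseline audit trail, and live events are then checked against it one at a time, so a deviating session raises an alert at the first unexpected step rather than after the session ends. Session ids and activity names are constructed.

```python
from collections import defaultdict

START, END = "<start>", "<end>"
# Constructed sample audit trail of normal sessions: (case_id, activity), in time order.
BASELINE_LOG = [
    ("s1", "login"), ("s1", "read_file"), ("s1", "logout"),
    ("s2", "login"), ("s2", "read_file"), ("s2", "write_file"), ("s2", "logout"),
    ("s3", "login"), ("s3", "logout"),
]
# Constructed live stream; events of different sessions interleave, as in a real log.
LIVE_EVENTS = [
    ("s10", "login"), ("s11", "read_file"), ("s10", "read_file"),
    ("s12", "login"), ("s12", "write_file"), ("s10", "logout"),
]

def discover_dfg(log):
    """Discover the directly-follows model: every (a, b) transition observed in a
    baseline case, with artificial start/end activities added to each case."""
    traces = defaultdict(list)
    for case, act in log:
        traces[case].append(act)
    allowed = set()
    for acts in traces.values():
        path = [START] + acts + [END]
        allowed.update(zip(path, path[1:]))
    return allowed

class ConformanceMonitor:
    """Streaming conformance checker: flags the first event of a case that is
    not an allowed transition, without waiting for the case to finish."""
    def __init__(self, model):
        self.model = model
        self.last = {}       # case_id -> last observed activity
        self.alerts = []     # (case_id, previous, current) deviations

    def observe(self, case, act):
        prev = self.last.get(case, START)
        self.last[case] = act
        if (prev, act) not in self.model:
            self.alerts.append((case, prev, act))
            return True
        return False

    def close(self, case):
        """Session ended: flag cases that stop in a state no baseline case ended in."""
        prev = self.last.pop(case, START)
        if (prev, END) not in self.model:
            self.alerts.append((case, prev, END))
            return True
        return False
```

In the constructed stream, s11 reads a file without a preceding login and s12 writes directly after login; both are flagged on the offending event itself.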


Keywords: Process mining, Data mining, Intrusion, Audit trails/event logs, Security



Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  1. Department of Computer Science and Engineering, Amity University, Dubai, UAE
  2. Amity University, Noida, India
