A Process Mining Approach for Supporting IoT Predictive Security

The growing interest in the Internet-of-Things (IoT) is supported by the large-scale deployment of sensors and connected objects. These are integrated with other Internet resources to build more complex, value-added systems and applications. While significant efforts have been made to protect them, security management remains a major challenge for these systems, due to their complexity, their heterogeneity and the limited resources of their devices. In this paper we introduce a process mining approach for detecting misbehaviors in such systems. It makes it possible to characterize the behavioral models of IoT-based systems and to detect potential attacks, even in the case of heterogeneous protocols and platforms. We then describe and formalize its underlying architecture and components, and detail a proof-of-concept prototype. Finally, we evaluate the performance of this solution through extensive experiments based on real industrial datasets.
