Process Mining and Security: Visualization in Database Intrusion Detection

Nowadays, more and more organizations keep their valuable and sensitive data in Database Management Systems (DBMSs). Traditional database security mechanisms such as access control, authentication, and data encryption do not offer strong enough protection against the exploitation of vulnerabilities (e.g. intrusions) in DBMSs by insiders. Intrusion detection systems recently proposed in the literature focus on statistical approaches, which are not intuitive. Our research is the first ever effort to use process mining modeling of low-level event logs for database intrusion detection. We have proposed a novel approach for visualizing database intrusion detection using process mining techniques. Our experiments showed that intrusion detection visualization will be able to help security officers, who might not know the complex system in depth, identify true positive detections and eliminate false positive results.
