Abstract

Information systems handle large amounts of data within enterprises by making it possible to collect, process, store and make information available. To achieve this, it is crucial to secure data against intrusions that compromise the confidentiality, availability, and integrity of data. This integrity must follow the strategic alignment of the enterprise considered. Unfortunately, the goal of attackers is to affect the resources present in the system. Research in the intrusion detection field is still searching for solutions to the relevant problems. Many solutions exist that rely on machine learning and data mining models. Nevertheless, these solutions, based on the signature and behavior approaches to intrusion detection, focus more on data and lack a global view of processes. The aim of this paper is to use workflow mining for host-based intrusion detection by monitoring workflow event logs related to resources. With workflow mining, process executions are stored in event logs, and intrusions can be detected by analyzing these logs on the basis of a well-defined security policy. To achieve our goal step by step, we start by specifying the different concepts involved. Afterwards, we provide a security policy model and an intrusion detection model that enable us to achieve a low rate of false alerts. Finally, we implement the solution as a prototype to observe how it works.

Highlights

  • Nowadays, enterprises use different technologies to improve their business processes by boosting the quality of service, in order to be more competitive in a market where the needs of users or customers are permanently changing

  • It appears that intrusion detection is a relevant challenge in information system security

  • This paper presents a model designed to detect intrusions by workflow mining, which makes it possible to analyze event logs containing events related to the resources of the system considered


Summary

Introduction

Enterprises use different technologies to improve their business processes by boosting the quality of service, in order to be more competitive in a market where the needs of users or customers are permanently changing. Like a law of nature, advantages usually generate some problems. In this case, while the quality of service is said to be improved by using powerful technologies, the security of the data handled within an information system appears as a pertinent challenge. Moreover, existing models concentrate on network traffic data. This explains the variance in the false alert rate, catalyzed by different new attacks. All actions that affect the confidentiality, integrity, and availability of information are intrusions. Wars in the world are managed mainly thanks to IT systems. Interesting solutions to this challenge can be the engine of the development of many countries.
