Received: 2023-11-11 | Accepted: 2024-03-11 | Published: 2024-03-30
Title
Reduction of cybersecurity risk via evaluating users' behaviour
Abstract
Since the 1990s, process analysis has attained a fundamental position among business management approaches. With the gradual development and expansion of digitalization in businesses that have begun to use advanced information systems, a demand also arose to survey the processes within companies, including retrospectively from the digital records of information systems. This requirement laid the foundation for the emergence of the scientific discipline known today as Process Mining. In the presented article, we introduce its basic concepts and point out the possibility of using them in the field of security analysis of the log of a general system, which creates digital records of its operation (a so-called journal or log). The result of using Process Mining methods is identifying unrecorded processes running in a system and various deviations from the expected system operation, which may signal security threats to the system itself or its operator. In the battle against hybrid threats, many resources are explicitly devoted to protecting cyberspace. The approach proposed in this article allows a system to be analysed as a whole, identifying patterns of behaviour that would not otherwise arouse suspicion in individual steps but, as a sequence of separate steps (processes), do not fall into the expected pattern of system behaviour. This can be used as a long-term sustainable concept in the fight against hybrid threats. An analysis of a system’s behavior can be built on continuous “learning” by labelling newly discovered processes as safe or unsafe, ensuring the long-term sustainability of this approach. The main advantage of the proposed analyses is that they run as an oversight of the system itself, analysing it only based on records from its event log. Therefore, no interventions are needed in the architecture and source code of the analysed system, and the analyses do not affect its operation or data.
Keywords
hybrid threats, process analysis, process mining, security, cyberspace, information systems, system behavior, cybersecurity, management
JEL classifications
E27, F50, G32
URI
http://jssidoi.org/jesi/article/1185
DOI
Pages
387-407
Funding
The contribution arose as part of the national project “Increasing Slovakia’s resistance to hybrid threats by strengthening public administration capacities”, project code ITMS2014+: 314011CDW7. This project is supported by the European Social Fund.
This is an open access issue and all published articles are licensed under a Creative Commons Attribution 4.0 International License