Zhong, Yinzheng 
ORCID: 0000-0001-8477-3956 and Lisitsa, Alexei
(2022)
Can process mining help in anomaly-based intrusion detection?
[Preprint]
|
PDF
2206.10379v1.pdf - Other Download (2MB) | Preview |
Abstract
In this paper, we consider the naive applications of process mining in network traffic comprehension, traffic anomaly detection, and intrusion detection. We standardise the procedure of transforming packet data into an event log. We mine multiple process models and analyse the process models mined with the inductive miner using ProM and the fuzzy miner using Disco. We compare the two types of process models extracted from event logs of differing sizes. We contrast the process models with the RFC TCP state transition diagram and the diagram by Bishop et al. We analyse the issues and challenges associated with process mining in intrusion detection and explain why naive process mining with network data is ineffective.
| Item Type: | Preprint |
|---|---|
| Uncontrolled Keywords: | cs.CR, cs.CR |
| Divisions: | Faculty of Science and Engineering > School of Electrical Engineering, Electronics and Computer Science |
| Depositing User: | Symplectic Admin |
| Date Deposited: | 31 May 2023 09:08 |
| Last Modified: | 31 May 2023 09:08 |
| Related URLs: | |
| URI: | https://livrepository.liverpool.ac.uk/id/eprint/3170750 |
Share
Share
