1. Comparative Assessment of Process Mining for Supporting IoT Predictive Security
- Author
Rémi Badonnel, Jerome Francois, Adrien Hemmer, Mohamed Abderrahim, Isabelle Chrisment
Affiliations: Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est; Department of Networks, Systems and Services (LORIA - NSS); Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA); Institut National de Recherche en Informatique et en Automatique (Inria); Université de Lorraine (UL); Centre National de la Recherche Scientifique (CNRS); TELECOM Nancy, Université de Lorraine (UL)
Funding: This work has been partially supported by the SecureIoT project, funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 779899. The exploited datasets have been provided by IDIADA UK, it’s OWL, which has worked with FUJITSU, and LuxAI. European Project: 779899, H2020, SecureIoT (2018)
- Subjects
Local outlier factor, Computer Networks and Communications, Computer science, Distributed computing, Complex system, Decision tree, Process mining, 020206 networking & telecommunications, 02 engineering and technology, Data modeling, Machine Learning, Security Management, Internet-of-Things, Process Mining, [INFO.INFO-LG]Computer Science [cs]/Machine Learning [cs.LG], Software deployment, 0202 electrical engineering, electronic engineering, information engineering, Data Mining, [INFO]Computer Science [cs], Security management, Isolation (database systems), Electrical and Electronic Engineering
- Abstract
The growth of the Internet-of-Things (IoT) has been characterized by the large-scale deployment of sensors and connected objects. These are integrated with other Internet resources in order to elaborate more complex systems and applications. Security management is a major challenge for these systems due to their complexity, their heterogeneity and the limited resources of their devices. In this paper we evaluate the exploitability and performance of a process mining approach for detecting misbehaviors in such systems. We describe the considered architecture and detail its operation, from the generation of behavioral models to the detection of potential attacks. We formalize several alternative commonly-used detection methods, including elliptic envelope, support-vector machine, local outlier factor, and isolation forest techniques. After presenting a proof-of-concept prototype, we quantify comparatively the benefits and limits of our process mining solution combined with data preprocessing, through extensive experiments based on different industrial datasets.
- Published
- 2021