research-article

Comparative Assessment of Process Mining for Supporting IoT Predictive Security

Published: 01 March 2021

Abstract

The growth of the Internet-of-Things (IoT) has been characterized by the large-scale deployment of sensors and connected objects. These are integrated with other Internet resources to build more complex systems and applications. Security management is a major challenge for these systems due to their complexity, their heterogeneity and the limited resources of their devices. In this article, we evaluate the exploitability and performance of a process mining approach for detecting misbehaviors in such systems. We describe the considered architecture and detail its operation, from the generation of behavioral models to the detection of potential attacks. We formalize several commonly used alternative detection methods, including elliptic envelope, support-vector machine, local outlier factor, and isolation forest techniques. After presenting a proof-of-concept prototype, we comparatively quantify the benefits and limits of our process mining solution combined with data pre-processing, through extensive experiments based on different industrial datasets.

Cited By

  • (2023) Evaluating virtualization for fog monitoring of real-time applications in mixed-criticality systems. Real-Time Systems 59:4 (534-567). 10.1007/s11241-023-09410-4. Online publication date: 1-Nov-2023
  • (2022) Denial-of-Service Attack Mitigation in Multi-hop 5G D2D Wireless Communication Networks Employing Double Auction Game. Journal of Network and Systems Management 31:1. 10.1007/s10922-022-09695-z. Online publication date: 5-Oct-2022

Published In

IEEE Transactions on Network and Service Management, Volume 18, Issue 1
March 2021
1097 pages

Publisher

IEEE Press
