Process mining methods to analyze event logs of information systems

Adelya Khasanova

Abstract


The purpose of this work is to study and implement process mining (intelligent process analysis) algorithms in order to optimize the operation of an operating system and to identify abnormal and malicious events, using the event logs of several operating systems (Windows, Linux) as the example. Event logs of information systems in many fields of human activity (mining, the nuclear industry in the design and operation of nuclear power plants, urban transport, banking, etc.) are a valuable source of information about the processes running in the system. Since almost all of these systems are designed to operate around the clock, serving thousands of computers and users simultaneously, high availability, reliability and security are mandatory for them.

The article studies the event logs of different operating systems and describes the developed methods for obtaining, processing and analyzing those logs in order to predict and prevent faults, failures and abnormal events, and to optimize existing processes. The paper also models malicious events and their detection, and gives code examples demonstrating all of the above algorithms.
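As an added illustration of the pipeline the abstract describes (this is not code from the paper, and it does not use PM4Py), the following Python example turns constructed Linux auth.log-style lines into an event log, discovers a directly-follows graph from a baseline period, and then replays new traces against that model to flag transitions the baseline never produced. The log lines, host names, addresses and user names are constructed for the example; the choice of the user name as the case identifier is an assumption of this example, not of the paper.

```python
"""Added example: minimal process mining over OS event logs (not from the paper).

Pipeline: syslog line -> (case, activity) event -> per-case traces ->
directly-follows graph (DFG) discovered from a baseline -> conformance check
of new traces by replay, reporting transitions the model has never seen.
"""
import re
from collections import Counter, defaultdict

# Syslog-style line: "Mar  1 08:00:01 host proc[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)

# Message -> activity label; the first matching rule wins, so order matters.
ACTIVITY_RULES = [
    (re.compile(r"Accepted (?:publickey|password) for (?P<user>\S+)"), "login_ok"),
    (re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+)"), "login_fail"),
    (re.compile(r"session opened for user (?P<user>\S+)"), "session_open"),
    (re.compile(r"session closed for user (?P<user>\S+)"), "session_close"),
    (re.compile(r"^\s*(?P<user>\S+) : .*COMMAND="), "sudo_cmd"),
    (re.compile(r"new user: name=(?P<user>[^,\s]+)"), "user_add"),
]

# Constructed baseline: two ordinary sessions (one with a single failed attempt).
BASELINE_LOG = """\
Mar  1 08:00:01 srv1 sshd[1001]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2
Mar  1 08:00:01 srv1 sshd[1001]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  1 08:05:12 srv1 sudo[1010]:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  1 08:30:44 srv1 sshd[1001]: pam_unix(sshd:session): session closed for user alice
Mar  1 09:10:02 srv1 sshd[1102]: Failed password for bob from 10.0.0.7 port 52000 ssh2
Mar  1 09:10:09 srv1 sshd[1102]: Accepted password for bob from 10.0.0.7 port 52000 ssh2
Mar  1 09:10:09 srv1 sshd[1102]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Mar  1 09:20:00 srv1 sshd[1102]: pam_unix(sshd:session): session closed for user bob
""".splitlines()

# Constructed new period: a password-guessing run on root followed by creation
# of a UID 0 account, plus one normal session for alice as a control.
NEW_LOG = """\
Mar  2 03:14:01 srv1 sshd[2001]: Failed password for root from 203.0.113.9 port 40001 ssh2
Mar  2 03:14:03 srv1 sshd[2002]: Failed password for root from 203.0.113.9 port 40002 ssh2
Mar  2 03:14:05 srv1 sshd[2003]: Failed password for root from 203.0.113.9 port 40003 ssh2
Mar  2 03:14:07 srv1 sshd[2004]: Accepted password for root from 203.0.113.9 port 40004 ssh2
Mar  2 03:14:07 srv1 sshd[2004]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar  2 03:15:29 srv1 sudo[2040]:    root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/useradd -o -u 0 backup2
Mar  2 03:15:30 srv1 useradd[2050]: new user: name=backup2, UID=0, GID=0, home=/root, shell=/bin/bash
Mar  2 03:16:00 srv1 sshd[2004]: pam_unix(sshd:session): session closed for user root
Mar  2 10:00:00 srv1 sshd[2100]: Accepted publickey for alice from 10.0.0.5 port 51001 ssh2
Mar  2 10:00:00 srv1 sshd[2100]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  2 10:30:00 srv1 sshd[2100]: pam_unix(sshd:session): session closed for user alice
""".splitlines()


def parse_event(line):
    """Map one syslog line to (case_id, activity), or None if it is not modelled.
    Assumption of this example: the user name is the case id, so one user's
    consecutive events form one trace."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for rule, activity in ACTIVITY_RULES:
        r = rule.search(m.group("msg"))
        if r:
            return r.group("user"), activity
    return None


def build_traces(lines):
    """Group events into per-case traces, keeping log order."""
    traces = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev:
            traces[ev[0]].append(ev[1])
    return dict(traces)


def discover_dfg(traces):
    """Discover a directly-follows graph: counted (a, b) edges plus the
    observed start and end activities."""
    edges, starts, ends = Counter(), set(), set()
    for trace in traces.values():
        starts.add(trace[0])
        ends.add(trace[-1])
        for a, b in zip(trace, trace[1:]):
            edges[(a, b)] += 1
    return {"edges": edges, "starts": starts, "ends": ends}


def check_trace(trace, model, min_freq=1):
    """Replay a trace on the DFG and list every deviation: an unexpected start,
    an edge seen fewer than min_freq times in the baseline, or an unexpected end."""
    violations = []
    if trace[0] not in model["starts"]:
        violations.append(("start", trace[0]))
    for a, b in zip(trace, trace[1:]):
        if model["edges"][(a, b)] < min_freq:
            violations.append((a, b))
    if trace[-1] not in model["ends"]:
        violations.append(("end", trace[-1]))
    return violations


def detect_anomalies(baseline_lines, new_lines, min_freq=1):
    """Return {case: violations} for every new trace that deviates from the
    model discovered on the baseline; conforming traces are omitted."""
    model = discover_dfg(build_traces(baseline_lines))
    report = {}
    for case, trace in build_traces(new_lines).items():
        violations = check_trace(trace, model, min_freq)
        if violations:
            report[case] = violations
    return report


if __name__ == "__main__":
    for case, violations in detect_anomalies(BASELINE_LOG, NEW_LOG).items():
        print(case, violations)
```

On the constructed input the root trace is reported for the repeated login_fail → login_fail step (never seen in the baseline, where a failure was always followed by a success), the backup2 trace is reported because user_add is neither a known start nor a known end activity, and alice's session is not reported at all. Raising min_freq turns rare but once-observed transitions into findings as well, which is the usual knob for trading false positives against missed low-frequency behaviour.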


Full Text:

PDF (Russian)

References


Brzychczy E., Gackowiec P., Liebetrau M. Data Analytic Approaches for Mining Process Improvement—Machinery Utilization Use Case // Resources. 2020. Vol. 9. No. 2. P. 17.

Van der Aalst W. Process mining: Overview and opportunities // ACM Transactions on Management Information Systems (TMIS). 2012. Vol. 3. No. 2. P. 1-17.

Bassil Y. Windows and Linux operating systems from a security perspective // arXiv preprint arXiv:1204.0197. 2012.

Sosnowski J., Gawkowski P., Cabaj K. Event and performance logs in system management and evaluation // Information Systems in Management XIV, Security and Effectiveness of ICT Systems. 2011. P. 83-93.

Dolak R., Janakova M., Botlik J. Process Mining of Events Log from Windows // SIMPDA. 2018. P. 73-77.

Zeng L. et al. Computer operating system logging and security issues: a survey // Security and Communication Networks. 2016. Vol. 9. No. 17. P. 4804-4821.

Choi J. et al. Live forensic analysis of a compromised Linux system using LECT (Linux Evidence Collection Tool) // 2008 International Conference on Information Security and Assurance (ISA 2008). IEEE, 2008. P. 231-236.

Šrol E. Process Mining usage for potential insider threat identification utilizing PM4Py.

Berti A., van Zelst S. J., van der Aalst W. Process Mining for Python (PM4Py): bridging the gap between process- and data science // arXiv preprint arXiv:1905.06169. 2019.

PM4Py documentation. URL: https://pm4py.fit.fraunhofer.de/ (accessed: 10.05.2021).

Fluxicon Disco User's Guide. URL: https://fluxicon.com/disco/files/Disco-User-Guide.pdf

McGrath M., Price M. Windows 10 in easy steps - Special Edition: To venture further. In Easy Steps Limited, Warwickshire, 2015.

Van der Aalst W. et al. Process Mining manifesto // International Conference on Business Process Management. Springer, Berlin, Heidelberg, 2011. P. 169-194.

Van der Aalst W. M. P. Process Mining: discovery, conformance and enhancement of business processes. Springer, 2011.

Van der Aalst W. M. P., Weijters A. J. M. M., Maruster L. Workflow Mining: Discovering Process Models from Event Logs // IEEE Transactions on Knowledge and Data Engineering. 2004. Vol. 16. No. 9. P. 1128-1142.

Van der Aalst W. M. P., Adriansyah A., Van Dongen B. F. Replaying history on process models for conformance checking and performance analysis // Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery. 2012. Vol. 2. No. 2. P. 182-192.

Adriansyah A., Van Dongen B. F., Van der Aalst W. M. P. Conformance checking using cost-based fitness analysis // 15th IEEE International Enterprise Distributed Object Computing Conference (EDOC). 2011. P. 55-64.

Leemans S. J. J., Fahland D., Van der Aalst W. M. P. Discovering Block-Structured Process Models from Incomplete Event Logs. Tech. Rep. BPM-14-05. Eindhoven University of Technology, March 2014.

Van der Werf J. M. E. M. et al. Process discovery using integer linear programming // Applications and Theory of Petri Nets. Springer Berlin Heidelberg, 2008. P. 368-387.

Weijters A., Van der Aalst W. M. P., De Medeiros A. K. A. Process Mining with the heuristics miner-algorithm // Technische Universiteit Eindhoven, Tech. Rep. WP 166. 2006. P. 1-34.



ISSN: 2307-8162