Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering

Günther Eibl, Cornelia Ferner, Tobias Hildebrandt, Florian Stertz, Sebastian Burkhart, Stefanie Rinderle-Ma, Dominik Engel

Abstract

Process mining is a set of data mining techniques that learn and analyze processes based on event logs. While process mining has recently been proposed for intrusion detection in business processes, it has never been applied to smart metering processes. The goal of this paper is to explore the potential of process mining for the detection of intrusions into smart metering systems. As a case study, the remote shutdown process has been modeled and a threat analysis was conducted, leading to an extensive attack tree. It is shown that currently proposed process mining techniques based on conformance checking do not suffice to find all attacks of the attack tree; an inclusion of additional perspectives is necessary. Consequences for the design of a realistic testing environment based on simulations are discussed.



Paper Citation


in Harvard Style

Eibl G., Ferner C., Hildebrandt T., Stertz F., Burkhart S., Rinderle-Ma S. and Engel D. (2017). Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 38-46. DOI: 10.5220/0006103900380046


in Bibtex Style

@conference{icissp17,
author={Günther Eibl and Cornelia Ferner and Tobias Hildebrandt and Florian Stertz and Sebastian Burkhart and Stefanie Rinderle-Ma and Dominik Engel},
title={Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2017},
pages={38-46},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006103900380046},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering
SN - 978-989-758-209-7
AU - Eibl G.
AU - Ferner C.
AU - Hildebrandt T.
AU - Stertz F.
AU - Burkhart S.
AU - Rinderle-Ma S.
AU - Engel D.
PY - 2017
SP - 38
EP - 46
DO - 10.5220/0006103900380046