Process Mining

Security process modelling, discovery and monitoring

Who is the material made for?

This module targets students, professionals and researchers interested in better understanding how behaviour can be modelled, discovered and monitored in the context of security.

While no specific background is required, some general knowledge of business processes and some basics of data manipulation can be helpful to fully appreciate the module.

Introduction

Security aspects are not exclusively limited to automated systems. It is constantly necessary to take into consideration the human aspectsand the ability of many systems to offer flexibility.

7

However, flexible systems pose challenges in terms of security. For this reason, often, expected behaviors are modelled using processes that describe the expected flow of operations and the extent to which deviations can be acceptable. At the same time, systems implementing these processes leave traces of the executions, thus enabling forensics investigations.

During the course we will investigate how process mining techniques can help to study the execution of processes as these are recorded. Textual description of some security processes will be presented together with some event logs referring to corresponding executions.

Participants will learn how to model a process and how to extract it from event data using automated techniques. Once such process model is available another goal is to verify the presence of deviations.