11,175 research outputs found

    An operational support approach for Mining Unstructured Business Processes

    The refined process mining framework contains a set of activities that use extracted information from event logs, discovered models and normative ones. Among these activities, we find those dealing with running events in a Structured Business Process (SBP) context, which are the Detect, the Predict and the Recommend activities. These three activities are nominated as an operational support system that aims at detecting deviations, predicting events and recommending actions. In this regard, operational support systems perform well on SBP, while it is still a challenging task for an Unstructured Business Process (UBP). This puts forward the difficulty of predicting events and recommending actions for UBP, because of its complex structure. In this context, simplification and structuring operations must be applied. Therefore, the intervention of other process mining activities is required for business process simplification and structuring. To this end, we present an operational support approach dealing with UBP, using the refined process mining framework activities.

    Data mining based cyber-attack detection


    Big Data in Critical Infrastructures Security Monitoring: Challenges and Opportunities

    Critical Infrastructures (CIs), such as smart power grids, transport systems, and financial infrastructures, are more and more vulnerable to cyber threats, due to the adoption of commodity computing facilities. Despite the use of several monitoring tools, recent attacks have proven that current defensive mechanisms for CIs are not effective enough against most advanced threats. In this paper we explore the idea of a framework leveraging multiple data sources to improve protection capabilities of CIs. Challenges and opportunities are discussed along three main research directions: i) use of distinct and heterogeneous data sources, ii) monitoring with adaptive granularity, and iii) attack modeling and runtime combination of multiple data analysis techniques. Comment: EDCC-2014, BIG4CIP-201

    DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

    With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST

    Using behavioral context in process mining : exploration, preprocessing and analysis of event data
