Scenarios for Process-Aware Insider Attack Detection in Manufacturing

Proceedings of the 17th International Conference on Availability, Reliability and Security Pub Date : 2022-08-23 DOI:10.1145/3538969.3544449

M. Macák, Radek Vaclavek, Dasa Kusnirakova, Raimundas Matulevičius, Barbora Buhnova

{"title":"Scenarios for Process-Aware Insider Attack Detection in Manufacturing","authors":"M. Macák, Radek Vaclavek, Dasa Kusnirakova, Raimundas Matulevičius, Barbora Buhnova","doi":"10.1145/3538969.3544449","DOIUrl":null,"url":null,"abstract":"Manufacturing production heavily depends on the processes that need to be followed during manufacturing. As there might be many reasons behind possible deviations from these processes, the deviations can also cover ongoing insider attacks, e.g., intended to perform sabotage or espionage on these infrastructures. Insider attacks can cause tremendous damage to a manufacturing company because an insider knows how to act inconspicuously, making insider attacks very hard to detect. In this paper, we examine the potential of process-mining methods for insider-attack detection in the context of manufacturing, which is a new and promising application context for process-aware methods. To this end, we present five manufacturing-related scenarios of insider threats identified in cooperation with a manufacturing company, where the process mining could be most helpful in the detection of their respective attack events. We describe these scenarios and demonstrate the utilization of process mining in this context, creating ground for further future research.","PeriodicalId":306813,"journal":{"name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 17th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3538969.3544449","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Manufacturing production heavily depends on the processes that need to be followed during manufacturing. As there might be many reasons behind possible deviations from these processes, the deviations can also cover ongoing insider attacks, e.g., intended to perform sabotage or espionage on these infrastructures. Insider attacks can cause tremendous damage to a manufacturing company because an insider knows how to act inconspicuously, making insider attacks very hard to detect. In this paper, we examine the potential of process-mining methods for insider-attack detection in the context of manufacturing, which is a new and promising application context for process-aware methods. To this end, we present five manufacturing-related scenarios of insider threats identified in cooperation with a manufacturing company, where the process mining could be most helpful in the detection of their respective attack events. We describe these scenarios and demonstrate the utilization of process mining in this context, creating ground for further future research.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

制造业中过程感知内部攻击检测的场景

制造生产在很大程度上取决于制造过程中需要遵循的流程。由于在这些过程的可能偏差背后可能有许多原因，这些偏差也可能包括正在进行的内部攻击，例如，意图在这些基础设施上执行破坏或间谍活动。内部攻击会给制造企业造成巨大损失，因为内部人员知道如何悄无声息地行动，这使得内部攻击很难被发现。在本文中，我们研究了过程挖掘方法在制造环境中进行内部攻击检测的潜力，这是过程感知方法的一个新的和有前途的应用环境。为此，我们提出了与制造公司合作确定的内部威胁的五个与制造相关的场景，其中流程挖掘可能对检测各自的攻击事件最有帮助。我们描述了这些场景，并在此背景下演示了过程挖掘的使用，为进一步的未来研究奠定了基础。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 17th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量