Biblio

The fast growing of ransomware attacks has become a serious threat for companies, governments and internet users, in recent years. The increasing of computing power, memory and etc. and the advance in cryptography has caused the complicating the ransomware attacks. Therefore, effective methods are required to deal with ransomwares. Although, there are many methods proposed for ransomware detection, but these methods are inefficient in detection ransomwares, and more researches are still required in this field. In this paper, we have proposed a novel method for identify ransomware from benign software using process mining methods. The proposed method uses process mining to discover the process model from the events logs, and then extracts features from this process model and using these features and classification algorithms to classify ransomwares. This paper shows that the use of classification algorithms along with the process mining can be suitable to identify ransomware. The accuracy and performance of our proposed method is evaluated using a study of 21 ransomware families and some benign samples. The results show j48 and random forest algorithms have the best accuracy in our method and can achieve to 95% accuracy in detecting ransomwares.

In the field of process mining, a lot of information about what happened inside the information system has been exploited and has yielded significant results. However, information related to the relationship between performers and performers is only utilized and evaluated in certain aspects. In this paper, we propose an algorithm to classify the temporal work transference from workflow enactment event log. This result may be used to reduce system memory, increase the computation speed. Furthermore, it can be used as one of the factors to evaluate the performer, active role of resources in the information system.

Nowadays, as international trade with cross-border logistics increases, the administrative burden of regulatory authorities has been dramatically raised. In order to reduce repetitive and redundant supervisory controls and promote automatic administration procedures, electronic data interchange (EDI)1 and other forms of information sharing are introduced and implemented. Compliance monitoring ensures data quality for information exchange and audit purpose. However, failure to be compliant with various regulations is still a general phenomenon globally among stakeholders in supply chains, leading to more problems such as delay of goods delivery, missing inventory, and security issues. To address these problems, traditional physical auditing methods are widely used but turned out to be time-consuming and costly, especially when multiple stakeholders are involved. Since there is limited empirical research on compliance monitoring for regulatory supervision in international supply chains, we propose a compliance monitoring framework that can be applied with data sharing and analytics. The framework implementation is validated by an extensive case study on customs supervision in the Netherlands using process mining techniques. Practically, both public and private sectors will benefit from our descriptive and prescriptive analytics for audit purposes. Theoretically, our control strategies developed at the operational level facilitates mitigation of risks at root causes.

In this paper, we present a work-in-progress approach to detect integrity attacks to Smart Grids by analyzing the readings from smart meters. Our approach is based on process mining and time-evolving graphs. In particular, process mining is used to discover graphs, from the dataset collecting the readings over a time period, that represent the behaviour of a customer. The time-evolving graphs are then compared in order to detect anomalous behavior of a customer. To evaluate the feasibility of our approach, we have conducted preliminary experiments by using the dataset provided by the Ireland's Commission for Energy Regulation (CER).

The execution of distributed applications are captured by the events generated by the individual components. However, understanding the behavior of these applications from their event logs can be a complex and error prone task, compounded by the fact that applications continuously change rendering any knowledge obsolete. We describe our experiences applying a suite of process-aware analytic tools to a number of real world scenarios, and distill our lessons learned. For example, we have seen that these tools are used iteratively, where insights gained at one stage inform the configuration decisions made at an earlier stage. As well, we have observed that data onboarding, where the raw data is cleaned and transformed, is the most critical stage in the pipeline and requires the most manual effort and domain knowledge. In particular, missing, inconsistent, and low-resolution event time stamps are recurring problems that require better solutions. The experiences and insights presented here will assist practitioners applying process analytic tools to real scenarios, and reveal to researchers some of the more pressing challenges in this space.