Process Mining Algorithm for Online Intrusion Detection System
Yinzheng Zhong, John Y. Goulermas, Alexei Lisitsa

TL;DR
This paper introduces a process mining-based algorithm for online intrusion detection that preprocesses network data in real time, improving the effectiveness of various machine learning classifiers in detecting cyber attacks.
Contribution
It presents a novel online, process-mining-inspired algorithm for preprocessing network data in intrusion detection systems, enhancing real-time detection capabilities.
Findings
The algorithm effectively preprocesses network data for intrusion detection.
It improves the performance of machine learning classifiers in detecting attacks.
Comparison shows competitive results against existing tools like CICFlowMeter.
Abstract
In this paper, we consider the applications of process mining in intrusion detection. We propose a novel process mining inspired algorithm to be used to preprocess data in intrusion detection systems (IDS). The algorithm is designed to process the network packet data and it works well in online mode for online intrusion detection. To test our algorithm, we used the CSE-CIC-IDS2018 dataset which contains several common attacks. The packet data was preprocessed with this algorithm and then fed into the detectors. We report on the experiments using the algorithm with different machine learning (ML) models as classifiers to verify that our algorithm works as expected; we tested the performance on anomaly detection methods as well and reported on the existing preprocessing tool CICFlowMeter for the comparison of performance.
Taxonomy
Topics: Business Process Modeling and Analysis · Network Security and Intrusion Detection · Information and Cyber Security
