Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering

Günther Eibl; Cornelia Ferner; Tobias Hildebrandt; Florian Stertz; Sebastian Burkhart; Stefanie Rinderle-Ma; Dominik Engel

doi:10.5220/0006103900380046

Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering

Günther Eibl, Cornelia Ferner, Tobias Hildebrandt, Florian Stertz, Sebastian Burkhart, Stefanie Rinderle-Ma, Dominik Engel

2017

Abstract

Process mining is a set of data mining techniques that learn and analyze processes based on event logs. While process mining has recently been proposed for intrusion detection in business processes, it has never been applied to smart metering processes. The goal of this paper is to explore the potential of process mining for the detection of intrusions into smart metering systems. As a case study the remote shutdown process has been modeled and a threat analysis was conducted leading to an extensive attack tree. It is shown that currently proposed process mining techniques based on conformance checking do not suffice to find all attacks of the attack tree; an inclusion of additional perspectives is necessary. Consequences for the design of a realistic testing environment based on simulations are discussed.

Download

Paper Citation

in Harvard Style

Eibl G., Ferner C., Hildebrandt T., Stertz F., Burkhart S., Rinderle-Ma S. and Engel D. (2017). Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 38-46. DOI: 10.5220/0006103900380046

in Bibtex Style

@conference{icissp17,
author={Günther Eibl and Cornelia Ferner and Tobias Hildebrandt and Florian Stertz and Sebastian Burkhart and Stefanie Rinderle-Ma and Dominik Engel},
title={Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={38-46},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006103900380046},
isbn={978-989-758-209-7},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Exploration of the Potential of Process Mining for Intrusion Detection in Smart Metering
SN - 978-989-758-209-7
AU - Eibl G.
AU - Ferner C.
AU - Hildebrandt T.
AU - Stertz F.
AU - Burkhart S.
AU - Rinderle-Ma S.
AU - Engel D.
PY - 2017
SP - 38
EP - 46
DO - 10.5220/0006103900380046