Thesis - generating knowledgebase of common behavior and workflow patterns for secure systems

Date

2018-05-02

Authors

Pandit, Bigyan

Publisher

East Carolina University

Abstract

Knowledge discovery from large data for system security management and threat detection has been a complex task due to the large number of users and the dynamic nature of distributed systems. Healthcare organizations, as a sensitive application domain, serve a large community of users with different roles performing different sets of tasks. One-to-one monitoring of all users' interactions to maintain a secure system is a complex process. Thus, we need a complex system capable of handling and monitoring users' actions closely. To solve this issue, we propose a system that considers users' real-time behavioral activities and their predefined workflows based on their roles. We record the system access log to capture users' run-time information and apply data mining techniques to extract the common behavior patterns. These common behavior patterns help to analyze the common activities within the system. Adding a knowledge base of workflows helps to make the system more robust by predefining the set of actions a user can perform. A search-based engine is then applied to the common behavior knowledgebase and the workflow knowledgebase to discover the hidden knowledge behind users' interactions with the system. We construct a Petri net of the workflow to support the proposed architecture and validate the major findings using various healthcare scenarios in the ProM tool. This thesis presents a knowledge-driven decision support system that effectively assists the system administrator to get a deep insight into user behavior, track insecure activities and redefine existing processes. The illustrative case study is an indication that it is both feasible and effective.
