English
Related papers

Related papers: TapTree: Process-Tree Based Host Behavior Modeling…

200 papers

The development of machine learning algorithms in the cyber security domain has been impeded by the complex, hierarchical, sequential and multimodal nature of the data involved. In this paper we introduce the notion of a streaming tree as a…

Cryptography and Security · Computer Science 2021-09-30 Thomas Cochrane , Peter Foster , Varun Chhabra , Maud Lemercier , Cristopher Salvi , Terry Lyons

Monitoring and analyzing process traces is a critical task for modern companies and organizations. In scenarios where there is a gap between trace events and reference business activities, this entails an interpretation problem, amounting…

Artificial Intelligence · Computer Science 2026-05-26 Bettina Fazzinga , Sergio Flesca , Filippo Furfaro , Luigi Pontieri , Francesco Scala

Process mining analyzes business processes based on events stored in event logs. However, some recorded events may correspond to activities on a very low level of abstraction. When events are recorded on a too low level of granularity,…

Databases · Computer Science 2017-05-17 Felix Mannhardt , Niek Tax

Cyber threat hunting is a proactive search process for hidden threats in the organization's information system. It is a crucial component of active defense against advanced persistent threats (APTs). However, most of the current threat…

Cryptography and Security · Computer Science 2022-08-19 Jiawei Li , Ru Zhang , Jianyi Liu , Gongshen Liu

Process mining provides methods to analyse event logs generated by information systems during the execution of processes. It thereby supports the design, validation, and execution of processes in domains ranging from healthcare, through…

Databases · Computer Science 2024-02-06 Mehdi Acheli , Daniela Grigori , Matthias Weidlich

Insiders usually cause significant losses to organizations and are hard to detect. Currently, various approaches have been proposed to achieve insider threat detection based on analyzing the audit data that record information of the…

Cryptography and Security · Computer Science 2019-10-11 Shuhan Yuan , Panpan Zheng , Xintao Wu , Qinghua Li

Process mining methods often analyze processes in terms of the individual end-to-end process runs. Process behavior, however, may materialize as a general state of many involved process components, which can not be captured by looking at…

Databases · Computer Science 2022-11-02 Bianka Bakullari , Wil M. P. van der Aalst

Insider threats represent one of the most critical challenges in modern cybersecurity. These threats arise from individuals within an organization who misuse their legitimate access to harm the organization's assets, data, or operations.…

Cryptography and Security · Computer Science 2025-05-22 Anas Ali , Mubashar Husain , Peter Hans

Log-based cyber threat hunting has emerged as an important solution to counter sophisticated cyber attacks. However, existing approaches require non-trivial efforts of manual query construction and have overlooked the rich external…

Cryptography and Security · Computer Science 2021-02-26 Peng Gao , Fei Shao , Xiaoyuan Liu , Xusheng Xiao , Haoyuan Liu , Zheng Qin , Fengyuan Xu , Prateek Mittal , Sanjeev R. Kulkarni , Dawn Song

Many tasks in natural language processing require the extraction of relationship information for a given condition, such as event argument extraction, relation extraction, and task-oriented semantic parsing. Recent works usually propose…

Computation and Language · Computer Science 2023-05-29 I-Hung Hsu , Kuan-Hao Huang , Shuning Zhang , Wenxin Cheng , Premkumar Natarajan , Kai-Wei Chang , Nanyun Peng

This thesis focuses on process mining on event data where such a normative specification is absent and, as a result, the event data is less structured. The thesis puts special emphasis on one application domain that fits this description:…

Artificial Intelligence · Computer Science 2019-09-05 Niek Tax

Advanced Persistent Threats (APTs) evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a…

Cryptography and Security · Computer Science 2026-05-06 Trung V. Phan , Thomas Bauschert

Process mining aims to gain knowledge of business processes via the discovery of process models from event logs generated by information systems. The insights revealed from process mining heavily rely on the quality of the event logs.…

Databases · Computer Science 2022-06-15 Qifan Chen , Yang Lu , Charmaine S. Tam , Simon K. Poon

Process mining techniques focus on extracting insight in processes from event logs. Process mining has the potential to provide valuable insights in (un)healthy habits and to contribute to ambient assisted living solutions when applied on…

Machine Learning · Computer Science 2018-01-11 Niek Tax , Natalia Sidorova , Reinder Haakma , Wil M. P. van der Aalst

Process mining has emerged as a way to analyze the behavior of an organization by extracting knowledge from event logs and by offering techniques to discover, monitor and enhance real processes. In the discovery of process models,…

Artificial Intelligence · Computer Science 2017-10-17 David Chapela-Campa , Manuel Mucientes , Manuel Lama

Advanced Persistent Threats (APTs) are among the most challenging cyberattacks to detect. They are carried out by highly skilled attackers who carefully study their targets and operate in a stealthy, long-term manner. Because APTs exhibit…

Process data, temporally ordered categorical observations, are of recent interest due to its increasing abundance and the desire to extract useful information. A process is a collection of time-stamped events of different types, recording…

Methodology · Statistics 2025-01-08 Guanhua Fang , Zhiliang Ying

MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of…

Various and ubiquitous information systems are being used in monitoring, exchanging, and collecting information. These systems are generating massive amount of event sequence logs that may help us understand underlying phenomenon. By…

Machine Learning · Statistics 2018-07-13 Yihuang Kang , Vladimir Zadorozhny

AI-driven penetration testing agents are now capable of autonomously executing attacks within compromised networks. Identifying the model family that controls the active sessions of such agents provides valuable information towards…

Cryptography and Security · Computer Science 2026-05-05 Murali Ediga , Sudipta Chattopadhyay