Cybersecurity Threat Detection Through Business Process Log Analysis

Pernici, Barbara; Cappiello, Cinzia
2025-01-01

Abstract

Cybersecurity management and orchestration are critical concerns in modern digital environments. Detecting anomalies effectively can mitigate risks and prevent breaches. This paper explores the application of methods and techniques from business process log analysis to detect cybersecurity threats, starting from system-level logs generated while using organizational information systems. Until now, cybersecurity threat detection has predominantly relied on identifying anomalies at the technical level. However, an organization’s business and operational levels contain rich information relevant to uncovering cybersecurity issues that cannot be detected through technical analysis alone. Business process log analysis provides a data-driven approach to comprehending the actual behavior of systems, enabling the identification of deviations from normal process execution that may indicate potential security threats. We propose a framework integrating process discovery and conformance checking to identify anomalous behavior patterns from system-level logs. A key aspect of our approach is its adaptability to user-defined policies and requirements, which guide the anomaly detection process. In this way, we guarantee that identified anomalies are relevant and actionable within the given context of an organization. The framework has been applied to real-world scenarios, and we demonstrate its effectiveness in identifying irregular activities.
Year: 2025
Series: Lecture Notes in Computer Science
ISBN: 9783032050724; 9783032050731
Files for this item:
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/1307651
Citations
  • PMC: N/A
  • Scopus: 0
  • ISI: N/A