Utilizing Process Mining and Deep Learning to Detect IoT / IIoT Cyberattacks – A Hybrid Approach
thesis
posted on 2024-05-01, 00:00 authored by Ilia Mokhtarian
This dissertation explores a critical issue in computational cybersecurity methods, emphasizing the limitations of Machine Learning (ML) and Deep Learning (DL) models that rely heavily on extensive datasets of normal and synthesized attack data points. Given the scarcity of real attack data and the impracticality of using synthesized data for training in real-world applications, the research advocates for a shift towards realistic and sustainable anomaly detection and system defense strategies. Central to this study is the exploration of alternative methodologies that focus on understanding and learning from the system’s normal operational behavior, particularly in industrial and Industrial Internet of Things (IIoT) environments. The research introduces event-based analysis through process mining in Industrial Control Systems (ICSs), facilitating a deeper understanding of network communications and operational patterns. Additionally, the use of Generative Adversarial Networks (GANs) is proposed to generate network logs that simulate potential future observations in IoT healthcare systems, enhancing anomaly detection capabilities. This dissertation suggests a new direction in cybersecurity for IoT and IIoT across various sectors, proposing a behavior-based anomaly detection framework that transcends traditional attack-centric models. By focusing on normal operations and utilizing advanced predictive techniques, this work aims to establish a more nuanced and proactive security approach, offering a significant advancement towards a more effective cybersecurity paradigm.
Advisor
Sybil Derrible
Department
Mechanical and Industrial Engineering
Degree Grantor
University of Illinois Chicago
Degree Level
Doctoral
Degree name
Doctor of Philosophy
Committee Member
Michael Cailas
Quintin L. Williams Jr.
Jacob Krive
Devansh Saini