Process Mining and Network Protocols

Inhaltsverzeichnis (Table of Contents)

• Introduction
  • Process Mining
  • Business processes and network protocols
  • Vision
  • Idea, leading questions and strategy
  • Outcome
  • Structure of thesis
• Process Mining and related topics
  • The BPM life-cycle
  • Process modeling notations
  • Positioning process mining
  • Process models, analysis and limitations
    • Model-based process analysis
    • Limitations
  • Perspectives of process mining
  • Types of process mining
    • Play-in
    • Play-out
    • Replay
  • Discussion
    • Discovery
    • Conformance
    • Enhancement
  • Findings
• Properties and quality
  • Event data
    • Quality criteria and checks
    • Extensible event stream
  • Notation frameworks
  • Evaluation of algorithms
    • Problem statement
    • What "Disco" does
    • Challenges for algorithms and notation systems
    • Categorization of process mining algorithms
    • Algorithms and plug-ins for control-flow discovery
    • Fuzzy Miner
  • Process models
  • Findings - The weapons of choice
• Prerequisites and -processing
  • Data extraction
  • Data transformation
  • Load data
  • Automating the ETL procedure for TCP
  • Findings
• Proof of Concept
  • Mining TCP with Disco
    • Extracting relevant information
    • Results
  • Discussion
  • Mining TCP with RapidMiner
    • Adjustments in the results perspective
  • Findings
• Reasonable applications, adaptions and enhancements
  • Mining HTTP
    • Results
    • Discussion
  • Moving towards bigger captures
    • SplitCap
    • Adaptions to the ETL script
  • Protocol reverse engineering
    • Gathering data
    • Results
    • Discussion
  • Findings

Zielsetzung und Themenschwerpunkte (Objectives and Key Themes)

This thesis aims to explore the application of process mining techniques and algorithms to network protocols. It investigates how process mining, a discipline that bridges computational intelligence, data mining, process modeling, and analysis, can be leveraged to understand and enhance network protocol behavior. The work focuses on analyzing event data generated by network protocols, extracting insights into their control flow, and exploring the potential for optimizing their performance and security.

• The application of process mining techniques to network protocols
• The discovery, conformance checking, and enhancement of network protocol behavior based on event data
• The identification and evaluation of suitable algorithms and notation systems for process mining in the context of network protocols
• The development and implementation of a proof of concept for applying process mining to TCP
• The exploration of additional applications, such as mining alternative protocols and handling large-scale event data

Zusammenfassung der Kapitel (Chapter Summaries)

• Chapter 1: Introduction - Introduces the concept of process mining and its relevance to network protocols, outlining the thesis's vision, objectives, and research approach. It also provides a brief overview of the thesis's structure.
• Chapter 2: Process Mining and Related Topics - Provides a comprehensive overview of process mining, including its role within the Business Process Management (BPM) lifecycle, various process modeling notations, and key perspectives on process mining. It also examines the limitations of process mining and discusses different types of process mining, such as play-in, play-out, and replay.
• Chapter 3: Properties and Quality - Focuses on the crucial aspects of process mining related to data quality, notation frameworks, and algorithm evaluation. This includes an analysis of event data quality criteria, a discussion of different notation systems, and an overview of process mining algorithms, specifically highlighting the "Disco" algorithm and its capabilities.
• Chapter 4: Prerequisites and -processing - Details the process of preparing and processing event data for process mining, covering steps such as data extraction, transformation, and loading. It also discusses the automation of the ETL (Extract, Transform, Load) procedure for TCP data.
• Chapter 5: Proof of Concept - Presents a practical demonstration of process mining applied to TCP using the "Disco" algorithm. It outlines the process of extracting relevant information from TCP event data and analyzes the resulting process models.
• Chapter 6: Reasonable Applications, Adaptions and Enhancements - Investigates potential extensions and applications of process mining beyond TCP, including its use in mining HTTP data, handling large event data sets, and its application to protocol reverse engineering.

Schlüsselwörter (Keywords)

This work focuses on process mining, network protocols, event data analysis, algorithm evaluation, notation systems, TCP, HTTP, and protocol reverse engineering. It explores the application of process mining techniques and algorithms for discovering, analyzing, and enhancing the behavior of network protocols, using event data as the primary source of information. The research investigates the practical implementation of process mining for network protocols, including data preparation, algorithm selection, model generation, and potential extensions to other protocols and applications.