Integrating Business Process Intelligence with AI for Real-Time Threat Detection in Critical U.S. Industries
DOI: https://doi.org/10.15662/IJRAI.2024.0701004
Keywords: Business Process Intelligence, Real-Time Threat Detection, Artificial Intelligence, Critical Infrastructure Security, Healthcare Cybersecurity
Abstract
Critical industries in the U.S., healthcare above all but also financial services, are increasingly exposed to cyber threats driven by sophisticated actors, complex digital environments, and expanding attack surfaces. Traditional security tools often fail to track real-time deviations in operational workflows, which delays threat detection and leads to significant operational, financial, and safety impacts. This paper proposes an integrated framework that combines Business Process Intelligence (BPI) with advanced Artificial Intelligence (AI) analytics to detect threats in real time, aligned with the specific demands of these sectors. The framework uses process mining, anomaly detection, deep learning models, and continuous monitoring of event logs to spot behavioral deviations in live business processes. Through conceptual modeling, cross-industry analysis, and evaluation on publicly available threat datasets, the study demonstrates how AI-enabled, behavior-based BPI can identify abnormal patterns earlier in a process, reduce false positives, and enhance situational awareness for security teams. Case studies in healthcare, financial institutions, and energy show the framework applied to detecting ransomware propagation in hospitals, fraudulent transaction flows in financial institutions, and anomalous SCADA commands in energy infrastructure. The results show that combining BPI with AI provides a stable basis for cyber resilience, rapid detection, and evidence-based decision-making. This research aims to extend the growing field of smart cybersecurity with a scalable, data-driven model that can keep pace with evolving national cyber threats. The study concludes with recommendations for implementation, policy alignment, and future AI-enhanced governance strategies to strengthen the security of U.S. critical infrastructure.
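The abstract's core mechanism, learning the normal shape of a business process from historical event logs and flagging live cases whose activity sequence departs from it, can be shown with a small process-mining conformance check. The Python below is an added example, not code from the paper or its authors: it learns a directly-follows graph from a constructed baseline log of a hypothetical hospital medication workflow, then scores constructed live cases and raises an alert for any case whose fitness drops below a threshold. Activity names, case ids, the `min_support` noise filter and the fitness threshold are all assumptions made for illustration.

```python
"""
Added example (not from the paper): a minimal process-mining conformance
checker. A directly-follows graph (DFG) is learned from a baseline event log,
and live cases are scored by the fraction of their activity transitions that
the baseline considers normal. All event data below is constructed.
"""
from collections import Counter
from typing import Dict, List, Tuple

Trace = List[str]          # ordered activity names observed for one case
START, END = "<start>", "<end>"

# Constructed baseline log: a hypothetical order-to-medication workflow.
BASELINE_LOG: List[Trace] = [
    ["login", "open_chart", "order_med", "pharmacy_verify", "administer", "logout"],
    ["login", "open_chart", "order_med", "pharmacy_verify", "administer", "logout"],
    ["login", "open_chart", "view_labs", "order_med", "pharmacy_verify", "administer", "logout"],
    ["login", "open_chart", "view_labs", "logout"],
    ["login", "open_chart", "order_med", "pharmacy_verify", "administer", "logout"],
]


class DfgModel:
    """Directly-follows graph learned from a baseline event log.

    A transition (a, b) counts as normal when b directly followed a at least
    `min_support` times in the baseline. Rarer transitions are treated as
    noise, so a few contaminated baseline cases do not whitelist them.
    """

    def __init__(self, min_support: int = 1) -> None:
        self.min_support = min_support
        self.edges: Counter = Counter()

    def fit(self, log: List[Trace]) -> "DfgModel":
        for trace in log:
            seq = [START, *trace, END]          # pad so first/last steps are checked too
            self.edges.update(zip(seq, seq[1:]))
        return self

    def is_normal(self, a: str, b: str) -> bool:
        return self.edges[(a, b)] >= self.min_support

    def check(self, trace: Trace) -> Tuple[float, List[Tuple[str, str]]]:
        """Return (fitness, unseen transitions); fitness 1.0 means fully conformant."""
        seq = [START, *trace, END]
        pairs = list(zip(seq, seq[1:]))
        violations = [p for p in pairs if not self.is_normal(*p)]
        fitness = 1.0 - len(violations) / len(pairs)
        return fitness, violations


def build_model(log: List[Trace], min_support: int = 1) -> DfgModel:
    return DfgModel(min_support).fit(log)


def score_cases(model: DfgModel, live_cases: Dict[str, Trace],
                min_fitness: float = 0.9) -> List[dict]:
    """Score each live case; emit one alert per case below the fitness threshold."""
    alerts = []
    for case_id, trace in live_cases.items():
        fitness, violations = model.check(trace)
        if fitness < min_fitness:
            alerts.append({"case": case_id,
                           "fitness": round(fitness, 3),
                           "unseen_transitions": violations})
    return alerts


# Constructed live cases: one normal, one skipping pharmacy verification,
# one containing an activity the baseline has never seen.
LIVE_CASES: Dict[str, Trace] = {
    "case-101": ["login", "open_chart", "order_med", "pharmacy_verify", "administer", "logout"],
    "case-102": ["login", "open_chart", "order_med", "administer", "logout"],
    "case-103": ["login", "open_chart", "bulk_export", "logout"],
}

if __name__ == "__main__":
    model = build_model(BASELINE_LOG)
    for alert in score_cases(model, LIVE_CASES):
        print(alert)
```

Alerting on a per-case fitness score rather than on every single unseen transition, and ignoring baseline transitions seen fewer than `min_support` times, are the two knobs that trade recall against false positives. In practice the baseline would be rebuilt periodically from audited logs so that legitimate process drift is not mistaken for an attack.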