Fraud detection in process aware systems

In the last years, some large companies have been involved in scandals related to accounting and financial mismanagement, which represented a large financial damage to their stockholders. To recover the stock market confidence, certifications and manuals for best practices of governance were developed, and in some cases, harder federal laws were implemented (eg.: Sarbox, in USA). Companies adhered to these changes as a response to the market, deploying process aware information systems (PAS) and adopting the best practices of governance. On the other hand, companies demand a rapid response to strategic changes, so the adoption of normative PAS may compromise their competitiveness. That is, the companies need flexible PAS for competitiveness reasons; whereas, flexibility may compromise the security of the system because the users can execute tasks that characterize a fraudulent execution. In order to re-balance the trade-off between security and flexibility, we present in this work an anomaly detection algorithm for logs of PAS. We believe that the identification of anomalous events can help the adoption of flexible PAS without the loss of security properties.

[1]  Wil M. P. van der Aalst,et al.  Genetic Process Mining: A Basic Approach and Its Challenges , 2005, Business Process Management Workshops.

[2]  San-Yih Hwang,et al.  A process-mining framework for the detection of healthcare fraud and abuse , 2006, Expert Syst. Appl..

[3]  Wil M. P. van der Aalst,et al.  Process mining: a research agenda , 2004, Comput. Ind..

[4]  Jacques Wainer,et al.  Anomaly detection algorithms in logs of process aware systems , 2008, SAC '08.

[5]  Dimitris Karagiannis,et al.  Workflow mining with InWoLvE , 2004, Comput. Ind..

[6]  Cw Christian Günther,et al.  Towards an evaluation framework for process mining algorithms , 2007 .

[7]  Alexander L. Wolf,et al.  Discovering models of software processes from event-based data , 1998, TSEM.

[8]  Tom Fawcett,et al.  Adaptive Fraud Detection , 1997, Data Mining and Knowledge Discovery.

[9]  Jacques Wainer,et al.  Anomaly Detection Algorithms in Business Process Logs , 2008, ICEIS.

[10]  Boudewijn F. van Dongen,et al.  Workflow mining: A survey of issues and approaches , 2003, Data Knowl. Eng..

[11]  Diane J. Cook,et al.  Graph-based anomaly detection , 2003, KDD '03.

[12]  Steven K. Donoho,et al.  Early detection of insider trading in option markets , 2004, KDD.

[13]  Wil M. P. van der Aalst,et al.  Conformance checking of processes based on monitoring real behavior , 2008, Inf. Syst..

[14]  Jacques Wainer,et al.  A Workflow Mining Method Through Model Rewriting , 2005, CRIWG.

[15]  Andrew W. Moore,et al.  Detecting anomalous patterns in pharmacy retail data , 2005 .

[16]  Alexander L. Wolf,et al.  Discovering models of behavior for concurrent workflows , 2004, Comput. Ind..

[17]  Christos Faloutsos,et al.  Netprobe: a fast and scalable system for fraud detection in online auction networks , 2007, WWW '07.

[18]  Dong Xiang,et al.  Information-theoretic measures for anomaly detection , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[19]  Deepak K. Agarwal,et al.  An empirical Bayes approach to detect anomalies in dynamic multidimensional arrays , 2005, Fifth IEEE International Conference on Data Mining (ICDM'05).

[20]  Hugo Fuks,et al.  Groupware: Design, Implementation, and Use, 11th International Workshop, CRIWG 2005, Porto de Galinhas, Brazil, September 25-29, 2005, Proceedings , 2005, CRIWG.

[21]  Tom Fawcett,et al.  ROC Graphs: Notes and Practical Considerations for Researchers , 2007 .

[22]  Wil M.P. van der Aalst,et al.  Genetic Process Mining , 2005, ICATPN.

[23]  Dimitrios Gunopulos,et al.  Mining Process Models from Workflow Logs , 1998, EDBT.

[24]  Markus Hammori,et al.  Interactive workflow mining - requirements, concepts and implementation , 2006, Data Knowl. Eng..

[25]  Wil M. P. van der Aalst,et al.  Workflow Mining: Current Status and Future Directions , 2003, OTM.

[26]  Walter Daelemans,et al.  Automatic discovery of workflow models from hospital data , 2001 .

[27]  Wil M. P. van der Aalst,et al.  Workflow mining: discovering process models from event logs , 2004, IEEE Transactions on Knowledge and Data Engineering.

[28]  Shlomit S. Pinter,et al.  Discovering workflow models from activities' lifespans , 2004, Comput. Ind..

[29]  Guido Schimm,et al.  Mining exact models of concurrent workflows , 2004, Comput. Ind..

[30]  Wil M. P. van der Aalst,et al.  Conformance Testing: Measuring the Fit and Appropriateness of Event Logs and Process Models , 2005, Business Process Management Workshops.

[31]  Wil M. P. van der Aalst,et al.  Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance , 2005, WISP@ICATPN.