Anomaly Detection Algorithms in Business Process Logs

In some application domains, such as software development and health care processes, a normative business process system (e.g. a workflow management system) is not appropriate because participants need flexible support. On the other hand, while it is important to support flexible execution in these domains, security requirements cannot be met if these systems do not offer extra control, which characterizes a trade-off between flexibility and security in such domains. This work presents and assesses a set of algorithms for detecting anomalies in logs of Process Aware Systems (PAS). The detection of an anomalous instance is based on the “noise” that the instance makes in a process model discovered by a process mining algorithm. As a result, a trace that is an anomaly for a discovered model will require more structural changes for this model to fit it than a trace that is not an anomaly. Hence, when added to a PAS, these methods can support the coexistence of security and flexibility.
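
A minimal sketch of the "noise" idea described above, added here as an illustration and not the paper's own algorithms. It assumes a directly-follows graph as a stand-in for the discovered model and counts the edges a trace would force the model to gain as the structural change; the log, activity names and threshold are constructed.

```python
START, END = "<start>", "<end>"

# Constructed sample log of a purchase process (one tuple per process instance).
LOG = (
    [("request", "approve", "pay", "archive")] * 6
    + [("request", "review", "approve", "pay", "archive")] * 3
    + [("request", "approve", "review", "approve", "pay", "archive")] * 2
    + [("request", "pay", "approve", "archive")]  # payment before approval
)

def edges(trace):
    """Directly-follows edges of one trace, with artificial start/end nodes."""
    path = [START, *trace, END]
    return set(zip(path, path[1:]))

def mine_model(traces):
    """Assumed stand-in for a mined model: union of directly-follows edges."""
    model = set()
    for trace in traces:
        model |= edges(trace)
    return model

def noise(trace, model):
    """Structural change: edges the model must gain to replay the trace."""
    return len(edges(trace) - model)

def score_log(log):
    """For each trace variant, mine a model from all other variants and
    measure how much the model would have to change to fit the variant."""
    variants = {tuple(t) for t in log}
    return {v: noise(v, mine_model(variants - {v})) for v in variants}

def anomalies(log, threshold=2):
    """Variants whose noise reaches the (assumed) threshold."""
    return sorted(v for v, s in score_log(log).items() if s >= threshold)

if __name__ == "__main__":
    for variant, score in sorted(score_log(LOG).items(), key=lambda kv: kv[1]):
        print(score, " -> ".join(variant))
    print("flagged:", anomalies(LOG))
```

Legitimate but rarer variants (the review and rework paths) each need one new edge, while the out-of-order payment needs three, so the threshold separates flexibility from anomaly in this constructed log.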
