Pariket: Mining Business Process Logs for Root Cause Analysis of Anomalous Incidents

Process mining consists of extracting knowledge and actionable information from event-logs recorded by Process Aware Information Systems (PAIS). PAIS are vulnerable to system failures, malfunctions, and fraudulent and undesirable executions, which result in anomalous trails and traces. The flexibility of PAIS, which results in a large number of trace variants, and the large volume of event-logs make it challenging to identify anomalous executions and determine their root causes. We propose a framework and a multi-step process to identify root causes of anomalous traces in business process logs. We first transform the event-log into a sequential dataset and apply Window-based and Markovian techniques to identify anomalies. We then integrate the basic event-log data, consisting of the Case ID, time-stamp and activity, with the contextual data and prepare a dataset consisting of two classes (anomalous and normal). We apply Machine Learning techniques such as decision tree classifiers to extract rules (explaining the root causes) that describe anomalous transactions. We use advanced visualization techniques such as parallel plots to present the data in a format that makes it easy for a process analyst to identify the characteristics of anomalous executions. We conduct a triangulation study to gather multiple pieces of evidence to validate the effectiveness and accuracy of our approach.
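The first step described above (event-log to sequential dataset, then window-based and Markovian scoring) can be sketched as follows. This is an added example, not code from the paper: the sample log is constructed, and the scoring rules, function names, window size and thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample log of (case_id, timestamp, activity); not data from the paper.
NORMAL = ["create", "approve", "pay", "close"]
EVENTS = [(f"c{i}", t, a) for i in range(1, 6) for t, a in enumerate(NORMAL)]
EVENTS += [("c6", 2, "close"), ("c6", 0, "create"), ("c6", 1, "pay")]  # skips approval

def to_traces(events):
    """Group events by case ID, ordered by timestamp: one activity sequence per case."""
    traces = defaultdict(list)
    for case, _ts, activity in sorted(events, key=lambda e: (e[0], e[1])):
        traces[case].append(activity)
    return dict(traces)

def windows(trace, k):
    """All length-k sliding windows over the trace, padded with start/end markers."""
    padded = ["<start>"] + trace + ["<end>"]
    return [tuple(padded[i:i + k]) for i in range(len(padded) - k + 1)]

def window_scores(traces, k=3, min_support=2):
    """Per case: fraction of its windows that occur in fewer than min_support cases."""
    support = Counter(w for t in traces.values() for w in set(windows(t, k)))
    scores = {}
    for case, trace in traces.items():
        ws = windows(trace, k)
        scores[case] = sum(support[w] < min_support for w in ws) / len(ws)
    return scores

def markov_scores(traces):
    """Per case: lowest first-order transition probability seen along the trace."""
    pair, source = Counter(), Counter()
    for trace in traces.values():
        for a, b in windows(trace, 2):
            pair[a, b] += 1
            source[a] += 1
    return {case: min(pair[a, b] / source[a] for a, b in windows(trace, 2))
            for case, trace in traces.items()}

def flag_anomalous(traces, window_thr=0.5, prob_thr=0.2):
    """Cases flagged by either detector (thresholds are illustrative assumptions)."""
    w, m = window_scores(traces), markov_scores(traces)
    return sorted(c for c in traces if w[c] >= window_thr or m[c] <= prob_thr)

if __name__ == "__main__":
    print(flag_anomalous(to_traces(EVENTS)))
```

The flagged case IDs are what would be labelled "anomalous" before joining with contextual attributes for the two-class dataset the abstract describes.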
