Discovering process models for the analysis of application failures under uncertainty of event logs

Abstract

Computer applications, such as servers, databases and middleware, ubiquitously emit execution traces that are stored in log files. Logs have been used to analyze application failures since the early days of computing. Field data studies have shown that application logs are fraught with uncertainty, i.e., events in the logs may be missing or noisy. Process mining, a body of research from the business process management community, has dealt successfully with uncertainty in event logs, specifically by discovering process models. The literature has shown the value of process mining across several domains, but as yet no study quantifies the possible improvements from using process models, or the impact of uncertainty, in the context of application failures. This work addresses the use of process mining for detecting failures from application logs. First, process models are discovered from logs; then conformance checking is used to detect deviations from the models. We contribute to knowledge engineering research with a systematic measurement study that quantifies the failure detection capability of conformance checking in spite of missing events, and its accuracy with respect to process models obtained from noisy logs. The analysis uses a dataset of 55,462 execution traces from three independent real-life applications. The results are mixed and depend on the application under test; our measurements provide insights into the use of process mining for failure analysis.
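As an illustration of the two steps named in the abstract (discover a model from logs, then check new traces against it), the following is a minimal sketch only. It assumes a deliberately simple model, a directly-follows relation between events, rather than the discovery algorithms or conformance checking techniques used in the study; the function names, the `<start>`/`<end>` markers and the example traces are hypothetical.

```python
from collections import defaultdict

# Artificial boundary markers (an assumption of this sketch, not from the paper).
START, END = "<start>", "<end>"


def discover_model(traces):
    """Build a directly-follows model: for each event, the set of events
    observed immediately after it in the given (assumed failure-free) traces."""
    model = defaultdict(set)
    for trace in traces:
        path = [START, *trace, END]
        for a, b in zip(path, path[1:]):
            model[a].add(b)
    return dict(model)


def deviations(model, trace):
    """Return the transitions of a trace that the model never observed."""
    path = [START, *trace, END]
    return [(a, b) for a, b in zip(path, path[1:]) if b not in model.get(a, set())]


# Hypothetical failure-free traces used for discovery.
normal_traces = [
    ["open", "read", "close"],
    ["open", "write", "close"],
    ["open", "read", "write", "close"],
]
model = discover_model(normal_traces)

ok_trace = ["open", "write", "close"]
missing_event_trace = ["open", "read"]  # the final "close" event is missing

print(deviations(model, ok_trace))             # []
print(deviations(model, missing_event_trace))  # [('read', '<end>')]
```

A trace with no reported deviations conforms to the model; any reported transition is a candidate failure symptom. Note that under this sketch a missing event in an otherwise healthy trace is also reported as a deviation, which is the kind of log uncertainty the study sets out to measure.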
