Skip to main content
SpringerLink
Log in

Multi Instance Anomaly Detection in Business Process Executions

  • Conference paper
  • First Online:
Business Process Management (BPM 2017)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10445))

Included in the following conference series:

Abstract

Processes control critical IT systems and business cases in dynamic environments. Hence, ensuring secure model executions is crucial to prevent misuse and attacks. In general, anomaly detection approaches can be employed to tackle this challenge. Existing ones analyze each process instance individually. Doing so does not consider attacks that combine multiple instances, e.g., by splitting fraudulent fund transactions into multiple instances with smaller “unsuspicious” amounts. The proposed approach aims at detecting such attacks. For this, anomalies between the temporal behavior of a set of historic instances (ex post) and the temporal behavior of running instances are identified. Here, temporal behavior refers to the temporal order between the instances and their events. The proposed approach is implemented and evaluated based on real life process logs from different domains and artificial anomalies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Notes

  1. 1.

    http://www.win.tue.nl/bpi/2015/challenge—DOI:10.4121/uuid:31a308ef-c844-48da-948c-305d167a0ec1.

  2. 2.

    http://www.win.tue.nl/bpi/doku.php?id=2017—DOI:10.4121/uuid:5f3067df-f10b-45da-b98b-86ae4c7a310b.

References

  1. Allen, J.F.: Maintaining knowledge about temporal intervals. ACM 26(11), 832–843 (1983)

    Article  Google Scholar 

  2. Atallah, M., Szpankowski, W., Gwadera, R.: Detection of significant sets of episodes in event sequences. In: Data Mining, pp. 3–10. IEEE (2004)

    Google Scholar 

  3. Bezerra, F., Wainer, J., Aalst, W.M.P.: Anomaly detection using process mining. In: Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Ukor, R. (eds.) BPMDS/EMMSAD -2009. LNBIP, vol. 29, pp. 149–161. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01862-6_13

    Chapter  Google Scholar 

  4. Böhmer, K., Rinderle-Ma, S.: Automatic signature generation for anomaly detection in business process instance data. In: Schmidt, R., Guédria, W., Bider, I., Guerreiro, S. (eds.) BPMDS/EMMSAD -2016. LNBIP, vol. 248, pp. 196–211. Springer, Cham (2016). doi:10.1007/978-3-319-39429-9_13

    Chapter  Google Scholar 

  5. Böhmer, K., Rinderle-Ma, S.: Multi-perspective anomaly detection in business process execution events. In: Debruyne, C., et al. (eds.) OTM 2016. LNCS, vol. 10033, pp. 80–98. Springer, Cham (2016). doi:10.1007/978-3-319-48472-3_5

    Chapter  Google Scholar 

  6. Böhmer, K., Rinderle-Ma, S.: Anomaly detection in business process runtime behavior - challenges and limitations. arXiv (2017)

    Google Scholar 

  7. Chaoji, V., Rastogi, R., Roy, G.: Machine learning in the real world. VLDB Endowment 9(13), 1597–1600 (2016)

    Article  Google Scholar 

  8. Chinchor, N., Sundheim, B.: Muc-5 evaluation metrics. In: Message Understanding, pp. 69–78. Computational Linguistics (1993)

    Google Scholar 

  9. Fdhila, W., Rinderle-Ma, S., Knuplesch, D., Reichert, M.: Change and compliance in collaborative processes. In: Services Computing, pp. 162–169. IEEE (2015)

    Google Scholar 

  10. Gupta, M., Gao, J., Aggarwal, C.C., Han, J.: Outlier detection for temporal data: a survey. Knowl. Data Eng. 26(9), 2250–2267 (2014)

    Article  Google Scholar 

  11. de Leoni, M., van der Aalst, W.M., Dees, M.: A general process mining framework for correlating, predicting and clustering dynamic behavior based on event logs. Inf. Syst. 56, 235–257 (2016)

    Article  Google Scholar 

  12. Rogge-Solti, A., Kasneci, G.: Temporal anomaly detection in business processes. In: Sadiq, S., Soffer, P., Völzer, H. (eds.) BPM 2014. LNCS, vol. 8659, pp. 234–249. Springer, Cham (2014). doi:10.1007/978-3-319-10172-9_15

    Chapter  Google Scholar 

  13. Vogelgesang, T., et al.: Multidimensional process mining: questions, requirements, and limitations. In: España, S., Ivanović, M., Savić, M. (eds.) CAISE Forum, pp. 169–176. Springer, New York (2016)

    Google Scholar 

  14. Wieringa, R.J.: Design Science Methodology for Information Systems and Software Engineering. Springer, Heidelberg (2014)

    Book  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Computer Science, University of Vienna, Vienna, Austria

    Kristof Böhmer & Stefanie Rinderle-Ma

Authors
  1. Kristof Böhmer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefanie Rinderle-Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kristof Böhmer .

Editor information

Editors and Affiliations

  1. Department of Computer Science, Universitat Politècnica de Catalunya, Barcelona, Spain

    Josep Carmona

  2. Department of Computer Science, University of Paderborn, Paderborn, Germany

    Gregor Engels

  3. Department of Supply Chain and Information Systems, Pennsylvania State University, University Park, Pennsylvania, USA

    Akhil Kumar

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Böhmer, K., Rinderle-Ma, S. (2017). Multi Instance Anomaly Detection in Business Process Executions. In: Carmona, J., Engels, G., Kumar, A. (eds) Business Process Management. BPM 2017. Lecture Notes in Computer Science(), vol 10445. Springer, Cham. https://doi.org/10.1007/978-3-319-65000-5_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-65000-5_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64999-3

  • Online ISBN: 978-3-319-65000-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation