Abstract
Processes control critical IT systems and business cases in dynamic environments. Hence, ensuring secure model executions is crucial to prevent misuse and attacks. In general, anomaly detection approaches can be employed to tackle this challenge. Existing ones analyze each process instance individually. Doing so does not consider attacks that combine multiple instances, e.g., by splitting fraudulent fund transactions into multiple instances with smaller “unsuspicious” amounts. The proposed approach aims at detecting such attacks. For this, anomalies between the temporal behavior of a set of historic instances (ex post) and the temporal behavior of running instances are identified. Here, temporal behavior refers to the temporal order between the instances and their events. The proposed approach is implemented and evaluated based on real life process logs from different domains and artificial anomalies.
References
Allen, J.F.: Maintaining knowledge about temporal intervals. ACM 26(11), 832–843 (1983)
Atallah, M., Szpankowski, W., Gwadera, R.: Detection of significant sets of episodes in event sequences. In: Data Mining, pp. 3–10. IEEE (2004)
Bezerra, F., Wainer, J., Aalst, W.M.P.: Anomaly detection using process mining. In: Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Ukor, R. (eds.) BPMDS/EMMSAD -2009. LNBIP, vol. 29, pp. 149–161. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01862-6_13
Böhmer, K., Rinderle-Ma, S.: Automatic signature generation for anomaly detection in business process instance data. In: Schmidt, R., Guédria, W., Bider, I., Guerreiro, S. (eds.) BPMDS/EMMSAD -2016. LNBIP, vol. 248, pp. 196–211. Springer, Cham (2016). doi:10.1007/978-3-319-39429-9_13
Böhmer, K., Rinderle-Ma, S.: Multi-perspective anomaly detection in business process execution events. In: Debruyne, C., et al. (eds.) OTM 2016. LNCS, vol. 10033, pp. 80–98. Springer, Cham (2016). doi:10.1007/978-3-319-48472-3_5
Böhmer, K., Rinderle-Ma, S.: Anomaly detection in business process runtime behavior - challenges and limitations. arXiv (2017)
Chaoji, V., Rastogi, R., Roy, G.: Machine learning in the real world. VLDB Endowment 9(13), 1597–1600 (2016)
Chinchor, N., Sundheim, B.: Muc-5 evaluation metrics. In: Message Understanding, pp. 69–78. Computational Linguistics (1993)
Fdhila, W., Rinderle-Ma, S., Knuplesch, D., Reichert, M.: Change and compliance in collaborative processes. In: Services Computing, pp. 162–169. IEEE (2015)
Gupta, M., Gao, J., Aggarwal, C.C., Han, J.: Outlier detection for temporal data: a survey. Knowl. Data Eng. 26(9), 2250–2267 (2014)
de Leoni, M., van der Aalst, W.M., Dees, M.: A general process mining framework for correlating, predicting and clustering dynamic behavior based on event logs. Inf. Syst. 56, 235–257 (2016)
Rogge-Solti, A., Kasneci, G.: Temporal anomaly detection in business processes. In: Sadiq, S., Soffer, P., Völzer, H. (eds.) BPM 2014. LNCS, vol. 8659, pp. 234–249. Springer, Cham (2014). doi:10.1007/978-3-319-10172-9_15
Vogelgesang, T., et al.: Multidimensional process mining: questions, requirements, and limitations. In: España, S., Ivanović, M., Savić, M. (eds.) CAISE Forum, pp. 169–176. Springer, New York (2016)
Wieringa, R.J.: Design Science Methodology for Information Systems and Software Engineering. Springer, Heidelberg (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Böhmer, K., Rinderle-Ma, S. (2017). Multi Instance Anomaly Detection in Business Process Executions. In: Carmona, J., Engels, G., Kumar, A. (eds) Business Process Management. BPM 2017. Lecture Notes in Computer Science(), vol 10445. Springer, Cham. https://doi.org/10.1007/978-3-319-65000-5_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-65000-5_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64999-3
Online ISBN: 978-3-319-65000-5
eBook Packages: Computer ScienceComputer Science (R0)