Behavioral Classification of Business Process Executions at Runtime

  • Nick R. T. P. van Beest
  • Ingo Weber
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 281)

Abstract

Current automated methods to identify erroneous or malicious executions of a business process from logs, metrics, or other observable effects are based on detecting deviations from the normal behavior of the process. This requires a “single model of normative behavior”: the current execution either conforms to that model, or not. In this paper, we propose a method to automatically distinguish different behaviors during the execution of a process, so that a timely reaction can be triggered, e.g., to mitigate the risk of an ongoing attack. The behavioral classes are learned from event logs of a process, including branching probabilities and event frequencies. Using this method, harmful or problematic behavior can be identified during or even prior to its occurrence, raising alarms as early as undesired behavior is observable. The proposed method has been implemented and evaluated on a set of artificial logs capturing different types of exceptional behavior. Pushing the method to its edge in this evaluation, we provide a first assessment of where the method can clearly discriminate between classes of behavior, and where the differences are too small to make a clear determination.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Data61, CSIRO, Spring Hill, Australia
  2. Data61, CSIRO, Sydney, Australia
  3. University of New South Wales, Sydney, Australia
