Using a Deep Understanding of Network Activities for Workflow Mining

  • Mona LangeEmail author
  • Felix Kuhr
  • Ralf Möller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9904)


Workflow mining is the task of automatically detecting workflows from a set of event logs. We argue that network traffic can serve as a set of event logs and, thereby, as input for workflow mining. Networks produce large amounts of network traffic and we are able to extract sequences of workflow events by applying data mining techniques. We come to this conclusion due to the following observation: Network traffic consists of network packets, which are exchanged between network devices in order to share information to fulfill a common task. This common task corresponds to a workflow event and, when observed over time, we are able to record sequences of workflow events and model workflows as Hidden Markov models (HMM). Sequences of workflow events are caused by network dependencies, which force distributed network devices to interact. To automatically derive workflows based on network traffic, we propose a methodology based on network service dependency mining.


Workflow mining Hidden Markov model Network dependency analysis 



This work was partly supported by the Seventh Framework Programme (FP7) of the European Commission as part of the PANOPTESEC integrated research project (GA 610416).


  1. 1.
    Bahl, P., Chandra, R., Greenberg, A., Kandula, S., Maltz, D.A., Zhang, M.: Towards highly reliable enterprise network services via inference of multi-level dependencies. In: ACM SIGCOMM Computer Communication Review, vol. 37, pp. 13–24. ACM (2007)Google Scholar
  2. 2.
    Blum, T., Padoy, N., Feußner, H., Navab, N.: Workflow mining for visualization and analysis of surgeries. Int. J. Comput. Assist. Radiol. Surg. 3(5), 379–386 (2008)CrossRefGoogle Scholar
  3. 3.
    Chen, X., Zhang, M., Mao, Z.M., Bahl, P.: Automating network application dependency discovery: experiences, limitations, and new solutions. OSDI 8, 117–130 (2008)Google Scholar
  4. 4.
    Forney, G.D.: The viterbi algorithm. Proc. IEEE 61(3), 268–278 (1973)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Herbst, J.: A machine learning approach to workflow management. In: Lopez de Mantaras, R., Plaza, E. (eds.) ECML 2000. LNCS (LNAI), vol. 1810, pp. 183–194. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Kolmogorov, A.N.: Foundations of the Theory of Probability. Chelsea publishing company, New York (1950)zbMATHGoogle Scholar
  7. 7.
    Mona Lange, R.M.: Time Series data mining for network service dependency analysis. In: The 9th International Conference on Computational Intelligence in Security for Information Systems. Springer, Heidelberg (2016)Google Scholar
  8. 8.
    Natarajan, A., Ning, P., Liu, Y., Jajodia, S., Hutchinson, S.E.: NSDMiner: automated discovery of network service dependencies. IEEE (2012)Google Scholar
  9. 9.
    Priyadharshini, V., Malathi, A.: Analysis of process mining model for software reliability dataset using HMM. Indian J. Sci. Technol. 9(4), 1–5 (2016)Google Scholar
  10. 10.
    Rozinat, A., Veloso, M., van der Aalst, W.M.: Using hidden markov models to evaluate the quality of discovered process models. Extended Version. BPM Center Report BPM-08-10, BPMcenter. org (2008)Google Scholar
  11. 11.
    Silva, R., Zhang, J., Shanahan, J.G.: Probabilistic workflow mining. In: Proceedings of the Eleventh ACM SIGKDD International Conference on Knowledge Discovery in Data Mining, pp. 275–284. ACM (2005)Google Scholar
  12. 12.
    Silver, B., Richard, B.: BPMN Method and Style, vol. 2. Cody-Cassidy Press, Aptos (2009)Google Scholar
  13. 13.
    Aalst, W., et al.: Process mining manifesto. In: Daniel, F., Barkaoui, K., Dustdar, S. (eds.) BPM 2011. LNBIP, vol. 99, pp. 169–194. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28108-2_19 CrossRefGoogle Scholar
  14. 14.
    Aalst, W.M.P.: Business process management demystified: a tutorial on models, systems and standards for workflow management. In: Desel, J., Reisig, W., Rozenberg, G. (eds.) ACPN 2003. LNCS, pp. 1–65. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-27755-2_1 CrossRefGoogle Scholar
  15. 15.
    Van Der Aalst, W.M.: Process Mining: Discovery, Conformance and Enhancement of Business Processes. Springer, Heidelberg (2011)CrossRefzbMATHGoogle Scholar
  16. 16.
    Van Der Aalst, W.M., van Dongen, B.F., Herbst, J., Maruster, L., Schimm, G., Weijters, A.J.: Workflow mining: a survey of issues and approaches. Data Knowl. Eng. 47(2), 237–267 (2003)CrossRefGoogle Scholar
  17. 17.
    Van Der Aalst, W.M., Weijters, T., Maruster, L.: Workflow mining: discovering process models from event logs. IEEE Trans. Knowl. Data Eng. 16(9), 1128–1142 (2004)CrossRefGoogle Scholar
  18. 18.
    Dongen, B.F., Aalst, W.M.P.: Multi-phase process mining: building instance graphs. In: Atzeni, P., Chu, W., Lu, H., Zhou, S., Ling, T.-W. (eds.) ER 2004. LNCS, pp. 362–376. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-30464-7_29 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Universität zu LübeckLübeckGermany
  2. 2.Hamburg University of TechnologyHamburgGermany

Personalised recommendations