Abstract
Ensuring anomaly-free process model executions is crucial in order to prevent fraud and security breaches. Existing anomaly detection approaches focus on the control flow, point anomalies, and struggle with false positives in the case of unexpected events. By contrast, this paper proposes an anomaly detection approach that incorporates perspectives that go beyond the control flow, such as, time and resources (i.e., to detect contextual anomalies). In addition, it is capable of dealing with unexpected process model execution events: not every unexpected event is immediately detected as anomalous, but based on a certain likelihood of occurrence, hence reducing the number of false positives. Finally, multiple events are analyzed in a combined manner in order to detect collective anomalies. The performance and applicability of the overall approach are evaluated by means of a prototypical implementation along and based on real life process execution logs from multiple domains.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We expect that the ongoing execution events either represent an activity selection, resource assignment, or activity execution start timestamp.
- 2.
Note, this paper calculates the comparison likelihood based on the recorded traces in L because they represent expected execution event traces. Alternatively, for example, each theoretically possible trace (event order) in G could be constructed/analyzed.
- 3.
http://www.win.tue.nl/bpi/2015/challenge—DOI:10.4121/uuid:31a308ef-c844-48da-948c-305d167a0ec1.
References
Bezerra, F., Wainer, J.: Anomaly detection algorithms in business process logs. In: Enterprise Information Systems, pp. 11–18 (2008)
Bezerra, F., Wainer, J.: Anomaly detection algorithms in logs of process aware systems. In: Applied Computing, pp. 951–952. ACM (2008)
Bezerra, F., Wainer, J.: Algorithms for anomaly detection of traces in logs of process aware information systems. Inf. Syst. 38(1), 33–44 (2013)
Bezerra, F., Wainer, J., Aalst, W.M.P.: Anomaly detection using process mining. In: Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Ukor, R. (eds.) BPMDS/EMMSAD -2009. LNBIP, vol. 29, pp. 149–161. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01862-6_13
Böhmer, K., Rinderle-Ma, S.: Automatic signature generation for anomaly detection in business process instance data. In: Schmidt, R., Guédria, W., Bider, I., Guerreiro, S. (eds.) BPMDS/EMMSAD -2016. LNBIP, vol. 248, pp. 196–211. Springer, Heidelberg (2016). doi:10.1007/978-3-319-39429-9_13
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Comput. Surv. 41(3), 15 (2009)
Chatfied, C., Collins, A.J.: Introduction to multivariate analysis. Springer, Heidelberg (2013)
Chinchor, N., Sundheim, B.: Muc-5 evaluation metrics. In: Message Understanding, pp. 69–78. Association for Computational Linguistics (1993)
Jans, M., van der Werf, J.M., Lybaert, N., Vanhoof, K.: A business process mining application for internal transaction fraud mitigation. Expert Syst. Appl. 38(10), 13351–13359 (2011)
Ly, L.T., Indiono, C., Mangler, J., Rinderle-Ma, S.: Data transformation and semantic log purging for process mining. In: Ralyté, J., Franch, X., Brinkkemper, S., Wrycza, S. (eds.) CAiSE 2012. LNCS, vol. 7328, pp. 238–253. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31095-9_16
Mangler, J., Rinderle-Ma, S.: Cpee-cloud process exection engine (2014)
Rieke, R., Zhdanova, M., Repp, J., Giot, R., Gaber, C.: Fraud detection in mobile payments utilizing process behavior analysis. In: Availability, Reliability and Security, pp. 662–669. IEEE (2013)
Rogge-Solti, A., Kasneci, G.: Temporal anomaly detection in business processes. In: Sadiq, S., Soffer, P., Völzer, H. (eds.) BPM 2014. LNCS, vol. 8659, pp. 234–249. Springer, Heidelberg (2014). doi:10.1007/978-3-319-10172-9_15
Sarno, R., Sinaga, F.P.: Business process anomaly detection using ontology-based process modelling and multi-level class association rule learning. In: Computer, Control, Informatics and its Applications, pp. 12–17. IEEE (2015)
Sinaga, F., Sarno, R.: Business process anomali detection using multi-level class association rule learning. Technol. Sci. 2(1), 65–72 (2016)
Sureka, A.: Kernel based sequential data anomaly detection in business process event logs. preprint (2015). arXiv:1507.01168
Van Der Aalst, W.: Process Mining: Discovery, Conformance and Enhancement of Business Processes. Springer, Heidelberg (2011)
Weijters, A.J., Van der Aalst, W.M.: Rediscovering workflow models from event-based data using little thumb. Integrated Comput. Aided Eng. 10(2), 151–162 (2003)
Yang, W.S., Hwang, S.Y.: A process-mining framework for the detection of healthcare fraud and abuse. Expert Syst. Appl. 31(1), 56–68 (2006)
Yu, L., Liu, H.: Efficient feature selection via analysis of relevance and redundancy. Mach. Learn. Res. 5, 1205–1224 (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Böhmer, K., Rinderle-Ma, S. (2016). Multi-perspective Anomaly Detection in Business Process Execution Events. In: Debruyne, C., et al. On the Move to Meaningful Internet Systems: OTM 2016 Conferences. OTM 2016. Lecture Notes in Computer Science(), vol 10033. Springer, Cham. https://doi.org/10.1007/978-3-319-48472-3_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-48472-3_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48471-6
Online ISBN: 978-3-319-48472-3
eBook Packages: Computer ScienceComputer Science (R0)