Skip to main content
SpringerLink
Log in

Anomaly detection in business processes logs using social network analysis

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

This paper presents an approach to detect anomalies in process-aware information systems. This approach is based on process mining and uses social network analysis metrics to detect anomalous behavior. The main idea is to prove that applying the organizational perspective using social network analysis metrics can detect anomalies that follow a normal flow but are executed by unauthorized users. The proposed approach has been evaluated using artificial event logs and the cross-validation method. The F-measure evaluation results show that this approach is even effective in the worst case, the highest anomaly rate.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Availability of data and material

Materials and data are available on request

References

  1. Bezerra, F., Wainer, J., van der Aalst, W.M.P.: Anomaly detection using process mining. In: Enterprise, business-process and information systems modeling, pp. 149–161. Springer (2009)

  2. Marlon, D., Wil van der, A., Arthur Ter, H.: Process aware information systems, vol. 1. Wiley Online Library, Hoboken (2005)

    Google Scholar 

  3. Bezerra, F., Wainer, J.: Fraud detection in process aware systems. Int. J. Bus. Process. Integr. Manag. 5(2), 121–129 (2011)

    Article  Google Scholar 

  4. Bezerra, F., Wainer, J., et al.: Anomaly detection algorithms in business process logs. In Proceedings of the 10th International Conference on Enterprise Information Systems (ICEIS), volume AIDSS, Barcelona, Spain, pp 11–18 (2008)

  5. Wil MP Van der, A., Ana Karla A de, M.: Process mining and security: Detecting anomalous process executions and checking process conformance. Elect. Notes Theor. Comput. Sci. 121, 3–21 (2005)

    Article  Google Scholar 

  6. Bezerra, F., Wainer, J.: Anomaly detection algorithms in logs of process aware systems. In: Proceedings of the 2008 ACM symposium on Applied computing, pp. 951–952 (2008)

  7. Bezerra, F., Wainer, J.: Towards detecting fraudulent executions in business process aware systems. In: WfPM 2007 Workshop on Workflows and Process Management (2007)

  8. Alves De Medeiros, A.K., Weijters, A.J.M.M., Van der Aalst, W.M.P.: Genetic process mining: A basic approach and its challenges. In: International Conference on Business Process Management, pp. 203–215. Springer (2005)

  9. de Medeiros, A.K.A., Weijters, A.J.M.M., van der Aalst, W.M.P.: Genetic process mining: an experimental evaluation. Data Min. Knowl. Discov. 14(2), 245–304 (2007)

    Article  MathSciNet  Google Scholar 

  10. Bezerra, F., Wainer, J.: Algorithms for anomaly detection of traces in logs of process aware information systems. Inf. Syst. 38(1), 33–44 (2013)

    Article  Google Scholar 

  11. Zhao, W., Zhao, X.: Process mining from the organizational perspective. In: Foundations of intelligent systems, pp. 701–708. Springer (2014)

  12. Schönig, S., Cabanillas, C., Jablonski, S., Mendling, J.: Mining the organisational perspective in agile business processes. In: Enterprise, Business-Process and Information Systems Modeling, pp. 37–52. Springer (2015)

  13. Van, D.: Process mining discovery, conformance and enhancement of business processes. Springer, Heidelberg (2011)

    MATH  Google Scholar 

  14. Eckleder, A., Freytag, T.: Woped a tool for teaching, analyzing and visualizing workflow nets. Petri Net Newslett. 75, 3–8 (2008)

    Google Scholar 

  15. Shazia, T., Fabiola SF, P., Sofia, F., João, G.: Social network analysis: An overview. Wiley Interdiscip. Rev. Data Min. Knowl. Discov. 8(5), e1256 (2018)

    Google Scholar 

  16. Rozinat, A., Van der Aalst, W.M.P.: Conformance checking of processes based on monitoring real behavior. Inf. Syst. 33(1), 64–95 (2008)

    Article  Google Scholar 

  17. Rozinat, A., Van der Aalst, W.M.P.: Conformance testing: Measuring the fit and appropriateness of event logs and process models. In: International conference on business process management, pp. 163–176. Springer (2005)

  18. Nolle, T., Seeliger, A., Mühlhäuser, M.: Unsupervised anomaly detection in noisy business process event logs using denoising autoencoders. In: International conference on discovery science, pp. 442–456. Springer (2016)

  19. Rogge-Solti, A., Kasneci, G.: Temporal anomaly detection in business processes. In: International Conference on Business Process Management, pp. 234–249. Springer (2014)

  20. Böhmer, K., Rinderle-Ma, S.: Multi instance anomaly detection in business process executions. In: International Conference on Business Process Management, pp. 77–93. Springer (2017)

  21. Nolle, T., Luettgen, S., Seeliger, A., Mühlhäuser, M.: Analyzing business process anomalies using autoencoders. Mach. Learn. 107(11), 1875–1893 (2018)

    Article  MathSciNet  Google Scholar 

  22. Nolle, T., Luettgen, S., Seeliger, A., Mühlhäuser, M.: Binet: Multi-perspective business process anomaly classification. Inform. Syst. 101458 (2019)

  23. Nolle, T., Seeliger, A., Mühlhäuser, M.: Binet: multivariate business process anomaly detection using deep learning. In: International Conference on Business Process Management, pp. 271–287. Springer (2018)

  24. Marques Tavares, G., Barbon, S.: Analysis of language inspired trace representation for anomaly detection. In: ADBIS, TPDL and EDA 2020 Common Workshops and Doctoral Consortium, pp. 296–308. Springer (2020)

  25. Nascimento, M.C.V.: Community detection in networks via a spectral heuristic based on the clustering coefficient. Discret. Appl. Math. 176, 89–99 (2014)

    Article  MathSciNet  Google Scholar 

  26. Salavati, C., Abdollahpouri, A., Manbari, Z.: Ranking nodes in complex networks based on local structure and improving closeness centrality. Neurocomputing 336, 36–45 (2019)

    Article  Google Scholar 

  27. Baesens, B., Van Vlasselaer, V., Verbeke, W.: Fraud analytics using descriptive, predictive, and social network techniques: a guide to data science for fraud detection. Wiley, Hoboken (2015)

    Book  Google Scholar 

  28. Akoglu, L., McGlohon, M., Faloutsos, C.: Oddball: Spotting anomalies in weighted graphs. In: Pacific-Asia conference on knowledge discovery and data mining, pp. 410–421. Springer (2010)

Download references

Funding

No funding was received for conducting this study

Author information

Authors and Affiliations

  1. Department of Computer Engineering and IT, Amirkabir University of Technology, Tehran, Iran

    Mina Ebrahim

  2. Department of Computer Engineering and IT, Amirkabir University of Technology, Valiasr Street, Tehran, 15875-4413, Iran

    Seyed Alireza Hashemi Golpayegani

Authors
  1. Mina Ebrahim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Seyed Alireza Hashemi Golpayegani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Seyed Alireza Hashemi Golpayegani.

Ethics declarations

Conflicts of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.

Code availability

Code is available on request

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ebrahim, M., Golpayegani, S.A.H. Anomaly detection in business processes logs using social network analysis. J Comput Virol Hack Tech 18, 127–139 (2022). https://doi.org/10.1007/s11416-021-00398-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-021-00398-8

Keywords

Search

Navigation