Abstract
This paper presents an approach to detect anomalies in process-aware information systems. This approach is based on process mining and uses social network analysis metrics to detect anomalous behavior. The main idea is to prove that applying the organizational perspective using social network analysis metrics can detect anomalies that follow a normal flow but are executed by unauthorized users. The proposed approach has been evaluated using artificial event logs and the cross-validation method. The F-measure evaluation results show that this approach is even effective in the worst case, the highest anomaly rate.
Similar content being viewed by others
Availability of data and material
Materials and data are available on request
References
Bezerra, F., Wainer, J., van der Aalst, W.M.P.: Anomaly detection using process mining. In: Enterprise, business-process and information systems modeling, pp. 149–161. Springer (2009)
Marlon, D., Wil van der, A., Arthur Ter, H.: Process aware information systems, vol. 1. Wiley Online Library, Hoboken (2005)
Bezerra, F., Wainer, J.: Fraud detection in process aware systems. Int. J. Bus. Process. Integr. Manag. 5(2), 121–129 (2011)
Bezerra, F., Wainer, J., et al.: Anomaly detection algorithms in business process logs. In Proceedings of the 10th International Conference on Enterprise Information Systems (ICEIS), volume AIDSS, Barcelona, Spain, pp 11–18 (2008)
Wil MP Van der, A., Ana Karla A de, M.: Process mining and security: Detecting anomalous process executions and checking process conformance. Elect. Notes Theor. Comput. Sci. 121, 3–21 (2005)
Bezerra, F., Wainer, J.: Anomaly detection algorithms in logs of process aware systems. In: Proceedings of the 2008 ACM symposium on Applied computing, pp. 951–952 (2008)
Bezerra, F., Wainer, J.: Towards detecting fraudulent executions in business process aware systems. In: WfPM 2007 Workshop on Workflows and Process Management (2007)
Alves De Medeiros, A.K., Weijters, A.J.M.M., Van der Aalst, W.M.P.: Genetic process mining: A basic approach and its challenges. In: International Conference on Business Process Management, pp. 203–215. Springer (2005)
de Medeiros, A.K.A., Weijters, A.J.M.M., van der Aalst, W.M.P.: Genetic process mining: an experimental evaluation. Data Min. Knowl. Discov. 14(2), 245–304 (2007)
Bezerra, F., Wainer, J.: Algorithms for anomaly detection of traces in logs of process aware information systems. Inf. Syst. 38(1), 33–44 (2013)
Zhao, W., Zhao, X.: Process mining from the organizational perspective. In: Foundations of intelligent systems, pp. 701–708. Springer (2014)
Schönig, S., Cabanillas, C., Jablonski, S., Mendling, J.: Mining the organisational perspective in agile business processes. In: Enterprise, Business-Process and Information Systems Modeling, pp. 37–52. Springer (2015)
Van, D.: Process mining discovery, conformance and enhancement of business processes. Springer, Heidelberg (2011)
Eckleder, A., Freytag, T.: Woped a tool for teaching, analyzing and visualizing workflow nets. Petri Net Newslett. 75, 3–8 (2008)
Shazia, T., Fabiola SF, P., Sofia, F., João, G.: Social network analysis: An overview. Wiley Interdiscip. Rev. Data Min. Knowl. Discov. 8(5), e1256 (2018)
Rozinat, A., Van der Aalst, W.M.P.: Conformance checking of processes based on monitoring real behavior. Inf. Syst. 33(1), 64–95 (2008)
Rozinat, A., Van der Aalst, W.M.P.: Conformance testing: Measuring the fit and appropriateness of event logs and process models. In: International conference on business process management, pp. 163–176. Springer (2005)
Nolle, T., Seeliger, A., Mühlhäuser, M.: Unsupervised anomaly detection in noisy business process event logs using denoising autoencoders. In: International conference on discovery science, pp. 442–456. Springer (2016)
Rogge-Solti, A., Kasneci, G.: Temporal anomaly detection in business processes. In: International Conference on Business Process Management, pp. 234–249. Springer (2014)
Böhmer, K., Rinderle-Ma, S.: Multi instance anomaly detection in business process executions. In: International Conference on Business Process Management, pp. 77–93. Springer (2017)
Nolle, T., Luettgen, S., Seeliger, A., Mühlhäuser, M.: Analyzing business process anomalies using autoencoders. Mach. Learn. 107(11), 1875–1893 (2018)
Nolle, T., Luettgen, S., Seeliger, A., Mühlhäuser, M.: Binet: Multi-perspective business process anomaly classification. Inform. Syst. 101458 (2019)
Nolle, T., Seeliger, A., Mühlhäuser, M.: Binet: multivariate business process anomaly detection using deep learning. In: International Conference on Business Process Management, pp. 271–287. Springer (2018)
Marques Tavares, G., Barbon, S.: Analysis of language inspired trace representation for anomaly detection. In: ADBIS, TPDL and EDA 2020 Common Workshops and Doctoral Consortium, pp. 296–308. Springer (2020)
Nascimento, M.C.V.: Community detection in networks via a spectral heuristic based on the clustering coefficient. Discret. Appl. Math. 176, 89–99 (2014)
Salavati, C., Abdollahpouri, A., Manbari, Z.: Ranking nodes in complex networks based on local structure and improving closeness centrality. Neurocomputing 336, 36–45 (2019)
Baesens, B., Van Vlasselaer, V., Verbeke, W.: Fraud analytics using descriptive, predictive, and social network techniques: a guide to data science for fraud detection. Wiley, Hoboken (2015)
Akoglu, L., McGlohon, M., Faloutsos, C.: Oddball: Spotting anomalies in weighted graphs. In: Pacific-Asia conference on knowledge discovery and data mining, pp. 410–421. Springer (2010)
Funding
No funding was received for conducting this study
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflicts of interest
The authors have no conflicts of interest to declare that are relevant to the content of this article.
Code availability
Code is available on request
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Ebrahim, M., Golpayegani, S.A.H. Anomaly detection in business processes logs using social network analysis. J Comput Virol Hack Tech 18, 127–139 (2022). https://doi.org/10.1007/s11416-021-00398-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-021-00398-8