Open AccessPosted Content
Kernel Based Sequential Data Anomaly Detection in Business Process Event Logs.
TL;DR: This paper model the event logs as a sequential data and apply kernel based anomaly detection techniques to identify outliers and discordant observations and employs kNN (k-nearest neighbor) kernel based technique and normalized longest common subsequence (LCS) similarity measure.
read more
Abstract: Business Process Management Systems (BPMS) log events and traces of activities during the execution of a process. Anomalies are defined as deviation or departure from the normal or common order. Anomaly detection in business process logs has several applications such as fraud detection and understanding the causes of process errors. In this paper, we present a novel approach for anomaly detection in business process logs. We model the event logs as a sequential data and apply kernel based anomaly detection techniques to identify outliers and discordant observations. Our technique is unsupervised (does not require a pre-annotated training dataset), employs kNN (k-nearest neighbor) kernel based technique and normalized longest common subsequence (LCS) similarity measure. We conduct experiments on a recent, large and real-world incident management data of an enterprise and demonstrate that our approach is effective.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Figures
Figure 4: Fragment of the discovered process map using DISCO process mining tool at a resolution showing only core transitions 
Figure 2: Histogram and kernel density estimate for the anomaly score variable (K value for KNN = 5000) 
Figure 3: Histogram and kernel density estimate for the anomaly score variable (K value for KNN = 2500) 
Figure 1: Proposed solution approach called as Nirikshan consisting of a processing pipeline from raw data transformation to anomaly detection 
Table 1: Actor, Activity and Timestamp for one of the Cases in the Dataset 
Figure 5: Histogram for events per case Figure 6: Histogram for case variants
Citations
Multi-perspective Anomaly Detection in Business Process Execution Events
Kristof Böhmer,Stefanie Rinderle-Ma +1 more
- 24 Oct 2016
TL;DR: This paper proposes an anomaly detection approach that incorporates perspectives that go beyond the control flow, such as, time and resources (i.e., to detect contextual anomalies), and is capable of dealing with unexpected process model execution events.
71
Sequence Covering for Efficient Host-Based Intrusion Detection
TL;DR: In this article, a new similarity measure, the covering similarity, is proposed for evaluating the similarity between a symbolic sequence and a set of symbolic sequences, which can be used to isolate attack sequences from normal sequences in the scope of host-based intrusion detection.
42
Sequence Covering for Efficient Host-Based Intrusion Detection
TL;DR: This paper introduces a new similarity measure, the covering similarity, which is formally defined for evaluating the similarity between a symbolic sequence and a set of symbolic sequences and shows that this similarity is particularly relevant to address the detection of anomalies in sequences of system calls.
31
•Posted Content
Anomaly Detection in Business Process Runtime Behavior - Challenges and Limitations
TL;DR: This systematic literature review strives to provide an organized holistic view on research related to business process runtime behavior anomaly detection to foster the understanding and development of the process anomaly detection domain.
15
Keeping our rivers clean: Information-theoretic online anomaly detection for streaming business process events
01 Feb 2022
TL;DR: In this article , a statistical leverage-based approach for event log anomaly detection in process event streams has been proposed and evaluated on artificial and real event streams and also on artificial event streams characterised by concept drift.
12
References
•Book
Process Mining: Discovery, Conformance and Enhancement of Business Processes
Wil M. P. van der Aalst
- 01 Jan 2011
TL;DR: This book provides real-world techniques for monitoring and analyzing processes in real time and is a powerful new tool destined to play a key role in business process management.
2.5K
Workflow mining: discovering process models from event logs
TL;DR: A new algorithm is presented to extract a process model from a so-called "workflow log" containing information about the workflow process as it is actually being executed and represent it in terms of a Petri net.
Anomaly Detection for Discrete Sequences: A Survey
TL;DR: A comprehensive and structured overview of the existing research for the problem of detecting anomalies in discrete/symbolic sequences is provided in this article, where the authors provide a global understanding of the sequence anomaly detection problem and how existing techniques relate to each other.
Algorithms for anomaly detection of traces in logs of process aware information systems
TL;DR: The sampling algorithm proved to be the most effective solution, and was applied to a real log, and compared the resulting detected anomalous traces with the ones detected by a different procedure that relies on manual choices.
126