Top

Published in:

2018 | OriginalPaper | Chapter

Association Rules for Anomaly Detection and Root Cause Analysis in Process Executions

Authors : Kristof Böhmer, Stefanie Rinderle-Ma

Published in: Advanced Information Systems Engineering

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Existing business process anomaly detection approaches typically fall short in supporting experts when analyzing identified anomalies. Hereby, false positives and insufficient anomaly countermeasures might impact an organization in a severely negative way. This work tackles this limitation by basing anomaly detection on association rule mining. It will be shown that doing so enables to explain anomalies, support process change and flexible executions, and to facilitate the estimation of anomaly severity. As a consequence, the risk of choosing an inappropriate countermeasure is likely reduced which, for example, helps to avoid the termination of benign process executions due to mistaken anomalies and false positives. The feasibility of the proposed approach is shown based on a publicly available prototypical implementation as well as by analyzing real life logs with injected artificial anomalies.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter AB Testing for Process Versions with Contextual Multi-armed Bandit Algorithms

Activity equivalence is considered as label equivalence here.

http://www.win.tue.nl/bpi/2015/challenge – DOI: https://doi.org/10.4121/uuid:31a308ef-c844-48da-948c-305d167a0ec1.

Van der Aalst, W.M., de Medeiros, A.K.A.: Process mining and security: detecting anomalous process executions and checking process conformance. Theor. Comput. Sci. 121, 3–21 (2005)MATH

Agrawal, R., Srikant, R., et al.: Fast algorithms for mining association rules. In: Very Large Data Bases, vol. 1215, pp. 487–499 (1994)

Bezerra, F., et al.: Anomaly detection using process mining. Enterp. Bus. Process Inf. Syst. Model. 29, 149–161 (2009)

Böhmer, K., Rinderle-Ma, S.: Anomaly detection in business process runtime behavior-challenges and limitations. arXiv arXiv:1705.06659 (2017)

Böhmer, K., Rinderle-Ma, S.: Multi instance anomaly detection in business process executions. In: Carmona, J., Engels, G., Kumar, A. (eds.) BPM 2017. LNCS, vol. 10445, pp. 77–93. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65000-5_5CrossRef

Böhmer, K., et al.: Multi-perspective anomaly detection in business process execution events. In: Debruyne, C., et al. (eds.) Cooperative Information Systems, pp. 80–98. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-48472-3_5CrossRef

Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: modeling and enforcing access control requirements in business processes. In: Access Control Models and Technologies, pp. 123–126. ACM (2012)

Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. Comput. Surv. 41(3), 15 (2009)CrossRef

Chinchor, N., Sundheim, B.: MUC-5 evaluation metrics. In: Message Understanding, pp. 69–78. Computational Linguistics (1993)

10.

Czepa, C., et al.: Plausibility checking of formal business process specifications in linear temporal logic, pp. 1–8 (2016)

11.

Greco, G., Guzzo, A., Pontieri, L.: Mining taxonomies of process models. Data Knowl. Eng. 67(1), 74–102 (2008)CrossRef

12.

Gupta, M., Gao, J., Aggarwal, C.C., Han, J.: Outlier detection for temporal data: a survey. Knowl. Data Eng. 26(9), 2250–2267 (2014)CrossRef

13.

Julisch, K.: Clustering intrusion detection alarms to support root cause analysis. Inf. Syst. Secur. 6(4), 443–471 (2003)

14.

Ly, L.T., Maggi, F.M., Montali, M., Rinderle-Ma, S., van der Aalst, W.M.: Compliance monitoring in business processes: functionalities, application, and tool-support. Inf. Syst. 54, 209–234 (2015)CrossRef

15.

Ly, L.T., Rinderle-Ma, S., Knuplesch, D., Dadam, P.: Monitoring business process compliance using compliance rule graphs. In: Meersman, R., et al. (eds.) OTM 2011. LNCS, vol. 7044, pp. 82–99. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25109-2_7CrossRef

16.

Ramezani, E., Fahland, D., van der Aalst, W.M.P.: Where did i misbehave? Diagnostic information in compliance checking. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 262–278. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32885-5_21CrossRef

17.

Rieck, K., Wahl, S., Laskov, P., Domschitz, P., Müller, K.-R.: A self-learning system for detection of anomalous SIP messages. In: Schulzrinne, H., State, R., Niccolini, S. (eds.) IPTComm 2008. LNCS, vol. 5310, pp. 90–106. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89054-6_5CrossRef

18.

Sarno, R., et al.: Hybrid association rule learning and process mining for fraud detection. Comput. Sci. 42(2), 59–72 (2015)

19.

Tan, P.N., Steinbach, M., Kumar, V.: Introduction to Data Mining, 1st edn. Addison-Wesley, Boston (2005)

20.

Vogelgesang, T., et al.: Multidimensional process mining: questions, requirements, and limitations. In: CAISE Forum, pp. 169–176. Springer, Heidelberg (2016)

21.

Wieringa, R.: Design Science Methodology for Information Systems and Software Engineering. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43839-8CrossRef

Title: Association Rules for Anomaly Detection and Root Cause Analysis in Process Executions
Authors: Kristof Böhmer
Stefanie Rinderle-Ma
Publisher: Springer International Publishing
Book: Advanced Information Systems Engineering
Print ISBN: 978-3-319-91562-3

Electronic ISBN: 978-3-319-91563-0

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-91563-0_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner