
2016 | OriginalPaper | Chapter

Automatic Signature Generation for Anomaly Detection in Business Process Instance Data

Authors: Kristof Böhmer, Stefanie Rinderle-Ma

Published in: Enterprise, Business-Process and Information Systems Modeling

Publisher: Springer International Publishing


Abstract

Implementing and automating business processes often means connecting and integrating a diverse set of potentially flawed services and applications. This makes them an attractive target for attackers. Here, anomaly detection is one of the last lines of defense against unknown vulnerabilities. Whereas anomaly detection for process behavior has been researched, anomalies in process instance data have been neglected so far, even though the data is exchanged with external services and hence might be a major source for attacks. Deriving the required anomaly detection signatures can be a complex, work-intensive, and error-prone task, specifically in the presence of a multitude of process versions and instances. Hence, this paper proposes a novel automatic signature generation approach for textual business process instance data while respecting its contextual attributes. Its efficiency is shown by a comprehensive evaluation that applies the approach to thousands of realistic data entries and 240,000 anomalous data entries.


Footnotes

1. Note, those can be extracted from recorded process execution logs which are frequently automatically generated by process execution engines.
2. Measured based on the number of characters.
3. If two tokens start on the same position then the longer one is chosen because it enforces more characters during signature checking than a shorter one.

Metadata

Title: Automatic Signature Generation for Anomaly Detection in Business Process Instance Data
Authors: Kristof Böhmer, Stefanie Rinderle-Ma
Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-39429-9_13