Genetic-based Anomaly Detection in Logs of Process Aware Systems
Nowaday-s, many organizations use systems that
support business process as a whole or partially. However, in some
application domains, like software development and health care
processes, a normative Process Aware System (PAS) is not suitable,
because a flexible support is needed to respond rapidly to new
process models. On the other hand, a flexible Process Aware System
may be vulnerable to undesirable and fraudulent executions, which
imposes a tradeoff between flexibility and security. In order to make
this tradeoff available, a genetic-based anomaly detection model for
logs of Process Aware Systems is presented in this paper. The
detection of an anomalous trace is based on discovering an
appropriate process model by using genetic process mining and
detecting traces that do not fit the appropriate model as anomalous
trace; therefore, when used in PAS, this model is an automated
solution that can support coexistence of flexibility and security.
[1] Fabio Bezerra, Jacques Wainer, and W. van der Aalst, "Anomaly
detection using process mining," Springer-Verlag Berlin Heidelberg,
2009, pp. 149-161.
[2] W.M.P. van der Aalst, and A.K.A. de Medeiros, "Process mining and
security: Detecting anomalous process executions and checking process
conformance," Electronic Notes in Theoretical Computer Science, vol.
121(4), 2005, pp. 3-21.
[3] F. Bezerra, and J. Wainer, "Anomaly detection algorithms in logs of
process aware systems," SAC 2008: Proceedings of the 2008 ACM
symposium on Applied computing, ACM Press, New York, 2008, pp.
951-952.
[4] F. Bezerra, and J. Wainer, "Anomaly detection algorithms in business
process logs," ICEIS 2008: Proceedings of the Tenth International
Conference on Enterprise Information Systems, Barcelona, Spain, June
2008. AIDSS, pp. 11-18.
[5] W.M.P. van der Aalst, B.F van Dongen, J. Herbst, L. Maruster, G.
Schimm, and A.J.M.M Weijters, "Workflow mining: A survey of issues
and approaches," Data & Knowledge Engineering, vol. 47(2), 2003, pp.
237-267.
[6] W. van der Aalst, A. Weijters, and L. Maruster, "Workflow mining:
Discovering process models from event logs," IEEE Transactions on
Knowledge and Data Engineering, vol. 16(9), 2004, pp. 1128-1142.
[7] R. Agrawal, D. Gunopulos, and F. Leymann, "Mining process models
from workflow logs," Sixth International Conference on Extending
Database Technology, 1998, pp. 469-483.
[8] J. Cook and A. Wolf. "Discovering models of software processes from
event-based data," ACM Transactions on Software Engineering and
Methodology, vol. 7(3), 1998, pp. 215-249.
[9] W.M.P. van der Aalst and M. Song, "Mining social networks:
Uncovering interaction patterns in business processes," M. Weske, B.
Pernici, and J. Desel, editors, International Conference on Business
Process Management (BPM 2004), Lecture Notes in Computer Science,
Springer-Verlag, Berlin, 2004.
[10] W.M.P. van der Aalst, A.K. Alves de Medeiros, and A.J.M.M. Weijters,
"Genetic process mining,", Applications and theory of Petri nets, 2005 -
Springer.
[11] A.K.A. de Medeiros, A.J.M.M. Weijters, and W.M.P. van der Aalst,
"Using genetic algorithms to mine process models: Representation,
operators and results," BETA Working Paper Series, WP 124,
Eindhoven University of Technology, Eindhoven, 2004.
[12] Ana Karla Alves de Medeiros, "Genetic Process Mining," Eindhoven
University of Technology, ISBN 978-90-386-0785-6, 2006.
[13] A.K. Alves de Medeiros, A.J.M.M. Weijters and W.M.P. van der Aalst,
"Genetic Process Mining: A Basic Approach and its Challenges," .
[14] Zorana Bankovic, José M. Moya, ├ülvaro Araujo, Slobodan Bojanic, and
Octavio Nieto-Taladriz, "A Genetic Algorithm-based Solution for
Intrusion Detection,", Journal of Information Assurance and Security 4,
2009, pp. 192-199.
[1] Fabio Bezerra, Jacques Wainer, and W. van der Aalst, "Anomaly
detection using process mining," Springer-Verlag Berlin Heidelberg,
2009, pp. 149-161.
[2] W.M.P. van der Aalst, and A.K.A. de Medeiros, "Process mining and
security: Detecting anomalous process executions and checking process
conformance," Electronic Notes in Theoretical Computer Science, vol.
121(4), 2005, pp. 3-21.
[3] F. Bezerra, and J. Wainer, "Anomaly detection algorithms in logs of
process aware systems," SAC 2008: Proceedings of the 2008 ACM
symposium on Applied computing, ACM Press, New York, 2008, pp.
951-952.
[4] F. Bezerra, and J. Wainer, "Anomaly detection algorithms in business
process logs," ICEIS 2008: Proceedings of the Tenth International
Conference on Enterprise Information Systems, Barcelona, Spain, June
2008. AIDSS, pp. 11-18.
[5] W.M.P. van der Aalst, B.F van Dongen, J. Herbst, L. Maruster, G.
Schimm, and A.J.M.M Weijters, "Workflow mining: A survey of issues
and approaches," Data & Knowledge Engineering, vol. 47(2), 2003, pp.
237-267.
[6] W. van der Aalst, A. Weijters, and L. Maruster, "Workflow mining:
Discovering process models from event logs," IEEE Transactions on
Knowledge and Data Engineering, vol. 16(9), 2004, pp. 1128-1142.
[7] R. Agrawal, D. Gunopulos, and F. Leymann, "Mining process models
from workflow logs," Sixth International Conference on Extending
Database Technology, 1998, pp. 469-483.
[8] J. Cook and A. Wolf. "Discovering models of software processes from
event-based data," ACM Transactions on Software Engineering and
Methodology, vol. 7(3), 1998, pp. 215-249.
[9] W.M.P. van der Aalst and M. Song, "Mining social networks:
Uncovering interaction patterns in business processes," M. Weske, B.
Pernici, and J. Desel, editors, International Conference on Business
Process Management (BPM 2004), Lecture Notes in Computer Science,
Springer-Verlag, Berlin, 2004.
[10] W.M.P. van der Aalst, A.K. Alves de Medeiros, and A.J.M.M. Weijters,
"Genetic process mining,", Applications and theory of Petri nets, 2005 -
Springer.
[11] A.K.A. de Medeiros, A.J.M.M. Weijters, and W.M.P. van der Aalst,
"Using genetic algorithms to mine process models: Representation,
operators and results," BETA Working Paper Series, WP 124,
Eindhoven University of Technology, Eindhoven, 2004.
[12] Ana Karla Alves de Medeiros, "Genetic Process Mining," Eindhoven
University of Technology, ISBN 978-90-386-0785-6, 2006.
[13] A.K. Alves de Medeiros, A.J.M.M. Weijters and W.M.P. van der Aalst,
"Genetic Process Mining: A Basic Approach and its Challenges," .
[14] Zorana Bankovic, José M. Moya, ├ülvaro Araujo, Slobodan Bojanic, and
Octavio Nieto-Taladriz, "A Genetic Algorithm-based Solution for
Intrusion Detection,", Journal of Information Assurance and Security 4,
2009, pp. 192-199.
@article{"International Journal of Information, Control and Computer Sciences:62206", author = "Hanieh Jalali and Ahmad Baraani", title = "Genetic-based Anomaly Detection in Logs of Process Aware Systems", abstract = "Nowaday-s, many organizations use systems that
support business process as a whole or partially. However, in some
application domains, like software development and health care
processes, a normative Process Aware System (PAS) is not suitable,
because a flexible support is needed to respond rapidly to new
process models. On the other hand, a flexible Process Aware System
may be vulnerable to undesirable and fraudulent executions, which
imposes a tradeoff between flexibility and security. In order to make
this tradeoff available, a genetic-based anomaly detection model for
logs of Process Aware Systems is presented in this paper. The
detection of an anomalous trace is based on discovering an
appropriate process model by using genetic process mining and
detecting traces that do not fit the appropriate model as anomalous
trace; therefore, when used in PAS, this model is an automated
solution that can support coexistence of flexibility and security.", keywords = "Anomaly Detection, Genetic Algorithm, ProcessAware Systems, Process Mining.", volume = "4", number = "4", pages = "812-6", }