TY - GEN
T1 - Automatic signature generation for anomaly detection in business process instance data
AU - Böhmer, Kristof
AU - Rinderle-Ma, Stefanie
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2016.
PY - 2016
Y1 - 2016
N2 - Implementing and automating business processes often means to connect and integrate a diverse set of potentially flawed services and applications. This makes them an attractive target for attackers. Here anomaly detection is one of the last defense lines against unknown vulnerabilities. Whereas anomaly detection for process behavior has been researched, anomalies in process instance data have been neglected so far, even though the data is exchanged with external services and hence might be a major sources for attacks. Deriving the required anomaly detection signatures can be a complex, work intensive, and error-prone task, specifically at the presence of a multitude of process versions and instances. Hence, this paper proposes a novel automatic signature generation approach for textual business process instance data while respecting its contextual attributes. Its efficiency is shown by an comprehensive evaluation that applies the approach on thousands of realistic data entries and 240, 000 anomalous data entries.
AB - Implementing and automating business processes often means to connect and integrate a diverse set of potentially flawed services and applications. This makes them an attractive target for attackers. Here anomaly detection is one of the last defense lines against unknown vulnerabilities. Whereas anomaly detection for process behavior has been researched, anomalies in process instance data have been neglected so far, even though the data is exchanged with external services and hence might be a major sources for attacks. Deriving the required anomaly detection signatures can be a complex, work intensive, and error-prone task, specifically at the presence of a multitude of process versions and instances. Hence, this paper proposes a novel automatic signature generation approach for textual business process instance data while respecting its contextual attributes. Its efficiency is shown by an comprehensive evaluation that applies the approach on thousands of realistic data entries and 240, 000 anomalous data entries.
KW - Anomaly detection
KW - Process instance
KW - Regex
KW - Textual data
UR - http://www.scopus.com/inward/record.url?scp=84976629578&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-39429-9_13
DO - 10.1007/978-3-319-39429-9_13
M3 - Conference contribution
AN - SCOPUS:84976629578
SN - 9783319394282
T3 - Lecture Notes in Business Information Processing
SP - 196
EP - 211
BT - Enterprise, Business-Process and Information Systems Modeling - 17th International Conference, BPMDS 2016, 21st International Conference, EMMSAD 2016, Held at CAiSE 2016, Proceedings
A2 - Schmidt, Rainer
A2 - Bider, Ilia
A2 - Guerreiro, Sérgio
A2 - Guédria, Wided
PB - Springer Verlag
T2 - 17th International Conference on Business Process Modeling, Development and Support, BPMDS 2016 and 21st International Conference on Exploring Modeling Methods for Systems Analysis and Design, EMMSAD 2016 held at Conference on Advanced Information Systems Engineering, CAiSE 2016
Y2 - 13 June 2016 through 14 June 2016
ER -