TY - GEN
T1 - Behavioral classification of business process executions at runtime
AU - Van Beest, Nick R.T.P.
AU - Weber, Ingo
N1 - Publisher Copyright:
© Springer International Publishing AG 2017.
PY - 2017
Y1 - 2017
N2 - Current automated methods to identify erroneous or malicious executions of a business process from logs, metrics, or other observable effects are based on detecting deviations from the normal behavior of the process. This requires a “single model of normative behavior”: the current execution either conforms to that model, or not. In this paper, we propose a method to automatically distinguish different behaviors during the execution of a process, so that a timely reaction can be triggered, e.g., to mitigate the risk of an ongoing attack. The behavioral classes are learned from event logs of a process, including branching probabilities and event frequencies. Using this method, harmful or problematic behavior can be identified during or even prior to its occurrence, raising alarms as early as undesired behavior is observable. The proposed method has been implemented and evaluated on a set of artificial logs capturing different types of exceptional behavior. Pushing the method to its edge in this evaluation, we provide a first assessment of where the method can clearly discriminate between classes of behavior, and where the differences are too small to make a clear determination.
AB - Current automated methods to identify erroneous or malicious executions of a business process from logs, metrics, or other observable effects are based on detecting deviations from the normal behavior of the process. This requires a “single model of normative behavior”: the current execution either conforms to that model, or not. In this paper, we propose a method to automatically distinguish different behaviors during the execution of a process, so that a timely reaction can be triggered, e.g., to mitigate the risk of an ongoing attack. The behavioral classes are learned from event logs of a process, including branching probabilities and event frequencies. Using this method, harmful or problematic behavior can be identified during or even prior to its occurrence, raising alarms as early as undesired behavior is observable. The proposed method has been implemented and evaluated on a set of artificial logs capturing different types of exceptional behavior. Pushing the method to its edge in this evaluation, we provide a first assessment of where the method can clearly discriminate between classes of behavior, and where the differences are too small to make a clear determination.
UR - http://www.scopus.com/inward/record.url?scp=85019196559&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-58457-7_25
DO - 10.1007/978-3-319-58457-7_25
M3 - Conference contribution
AN - SCOPUS:85019196559
SN - 9783319584560
T3 - Lecture Notes in Business Information Processing
SP - 339
EP - 353
BT - Business Process Management Workshops - BPM 2016 International Workshops, Revised Papers, 2016
A2 - Fantinato, Marcelo
A2 - Dumas, Marlon
PB - Springer Verlag
T2 - International Conference on Business Process Management, BPM 2016
Y2 - 18 September 2016 through 22 September 2016
ER -