Multi instance anomaly detection in business process executions

Kristof Böhmer; Stefanie Rinderle-Ma

doi:10.1007/978-3-319-65000-55

Multi instance anomaly detection in business process executions

Kristof Böhmer
, Stefanie Rinderle-Ma

Vienna-UNI

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

19 Scopus citations

Abstract

Processes control critical IT systems and business cases in dynamic environments. Hence, ensuring secure model executions is crucial to prevent misuse and attacks. In general, anomaly detection approaches can be employed to tackle this challenge. Existing ones analyze each process instance individually. Doing so does not consider attacks that combine multiple instances, e.g., by splitting fraudulent fund transactions into multiple instances with smaller “unsuspi-cious” amounts. The proposed approach aims at detecting such attacks. For this, anomalies between the temporal behavior of a set of historic instances (ex post) and the temporal behavior of running instances are identified. Here, temporal behavior refers to the temporal order between the instances and their events. The proposed approach is implemented and evaluated based on real life process logs from different domains and artificial anomalies.

Original language	English
Title of host publication	Business Process Management - 15th International Conference, BPM 2017, Proceedings
Editors	Alexandru Baltag, Jeremy Seligman, Tomoyuki Yamada
Publisher	Springer Verlag
Pages	77-93
Number of pages	17
ISBN (Print)	9783319649993
DOIs	https://doi.org/10.1007/978-3-319-65000-55
State	Published - 2017
Externally published	Yes
Event	15th International Conference on Business Process Management, BPM 2017 - Barcelona, Spain Duration: 10 Sep 2017 → 15 Sep 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10445 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	15th International Conference on Business Process Management, BPM 2017
Country/Territory	Spain
City	Barcelona
Period	10/09/17 → 15/09/17

Keywords

Multiple instances
Runtime anomaly detection
Secure business processes
Temporal anomalies

Access to Document

10.1007/978-3-319-65000-55

Cite this

Böhmer, K., & Rinderle-Ma, S. (2017). Multi instance anomaly detection in business process executions. In A. Baltag, J. Seligman, & T. Yamada (Eds.), Business Process Management - 15th International Conference, BPM 2017, Proceedings (pp. 77-93). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10445 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-65000-55

Böhmer, Kristof ; Rinderle-Ma, Stefanie. / Multi instance anomaly detection in business process executions. Business Process Management - 15th International Conference, BPM 2017, Proceedings. editor / Alexandru Baltag ; Jeremy Seligman ; Tomoyuki Yamada. Springer Verlag, 2017. pp. 77-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{91fdf90e273d44f1af41f22aab519ba2,

title = "Multi instance anomaly detection in business process executions",

abstract = "Processes control critical IT systems and business cases in dynamic environments. Hence, ensuring secure model executions is crucial to prevent misuse and attacks. In general, anomaly detection approaches can be employed to tackle this challenge. Existing ones analyze each process instance individually. Doing so does not consider attacks that combine multiple instances, e.g., by splitting fraudulent fund transactions into multiple instances with smaller “unsuspi-cious” amounts. The proposed approach aims at detecting such attacks. For this, anomalies between the temporal behavior of a set of historic instances (ex post) and the temporal behavior of running instances are identified. Here, temporal behavior refers to the temporal order between the instances and their events. The proposed approach is implemented and evaluated based on real life process logs from different domains and artificial anomalies.",

keywords = "Multiple instances, Runtime anomaly detection, Secure business processes, Temporal anomalies",

author = "Kristof B{\"o}hmer and Stefanie Rinderle-Ma",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.; 15th International Conference on Business Process Management, BPM 2017 ; Conference date: 10-09-2017 Through 15-09-2017",

year = "2017",

doi = "10.1007/978-3-319-65000-55",

language = "English",

isbn = "9783319649993",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "77--93",

editor = "Alexandru Baltag and Jeremy Seligman and Tomoyuki Yamada",

booktitle = "Business Process Management - 15th International Conference, BPM 2017, Proceedings",

}

Böhmer, K & Rinderle-Ma, S 2017, Multi instance anomaly detection in business process executions. in A Baltag, J Seligman & T Yamada (eds), Business Process Management - 15th International Conference, BPM 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10445 LNCS, Springer Verlag, pp. 77-93, 15th International Conference on Business Process Management, BPM 2017, Barcelona, Spain, 10/09/17. https://doi.org/10.1007/978-3-319-65000-55

Multi instance anomaly detection in business process executions. / Böhmer, Kristof; Rinderle-Ma, Stefanie.
Business Process Management - 15th International Conference, BPM 2017, Proceedings. ed. / Alexandru Baltag; Jeremy Seligman; Tomoyuki Yamada. Springer Verlag, 2017. p. 77-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10445 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Multi instance anomaly detection in business process executions

AU - Böhmer, Kristof

AU - Rinderle-Ma, Stefanie

N1 - Publisher Copyright: © Springer International Publishing AG 2017.

PY - 2017

Y1 - 2017

N2 - Processes control critical IT systems and business cases in dynamic environments. Hence, ensuring secure model executions is crucial to prevent misuse and attacks. In general, anomaly detection approaches can be employed to tackle this challenge. Existing ones analyze each process instance individually. Doing so does not consider attacks that combine multiple instances, e.g., by splitting fraudulent fund transactions into multiple instances with smaller “unsuspi-cious” amounts. The proposed approach aims at detecting such attacks. For this, anomalies between the temporal behavior of a set of historic instances (ex post) and the temporal behavior of running instances are identified. Here, temporal behavior refers to the temporal order between the instances and their events. The proposed approach is implemented and evaluated based on real life process logs from different domains and artificial anomalies.

AB - Processes control critical IT systems and business cases in dynamic environments. Hence, ensuring secure model executions is crucial to prevent misuse and attacks. In general, anomaly detection approaches can be employed to tackle this challenge. Existing ones analyze each process instance individually. Doing so does not consider attacks that combine multiple instances, e.g., by splitting fraudulent fund transactions into multiple instances with smaller “unsuspi-cious” amounts. The proposed approach aims at detecting such attacks. For this, anomalies between the temporal behavior of a set of historic instances (ex post) and the temporal behavior of running instances are identified. Here, temporal behavior refers to the temporal order between the instances and their events. The proposed approach is implemented and evaluated based on real life process logs from different domains and artificial anomalies.

KW - Multiple instances

KW - Runtime anomaly detection

KW - Secure business processes

KW - Temporal anomalies

UR - https://www.scopus.com/pages/publications/85048500931

U2 - 10.1007/978-3-319-65000-55

DO - 10.1007/978-3-319-65000-55

M3 - Conference contribution

AN - SCOPUS:85048500931

SN - 9783319649993

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 77

EP - 93

BT - Business Process Management - 15th International Conference, BPM 2017, Proceedings

A2 - Baltag, Alexandru

A2 - Seligman, Jeremy

A2 - Yamada, Tomoyuki

PB - Springer Verlag

T2 - 15th International Conference on Business Process Management, BPM 2017

Y2 - 10 September 2017 through 15 September 2017

ER -

Böhmer K, Rinderle-Ma S. Multi instance anomaly detection in business process executions. In Baltag A, Seligman J, Yamada T, editors, Business Process Management - 15th International Conference, BPM 2017, Proceedings. Springer Verlag. 2017. p. 77-93. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-65000-55

Multi instance anomaly detection in business process executions

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this