Genetic-based Anomaly Detection in Logs of Process Aware Systems

Authors: Hanieh Jalali, Ahmad Baraani


Nowadays, many organizations use systems that support business processes, in whole or in part. However, in some application domains, such as software development and health care processes, a normative Process Aware System (PAS) is not suitable, because flexible support is needed to respond rapidly to new process models. On the other hand, a flexible Process Aware System may be vulnerable to undesirable and fraudulent executions, which imposes a tradeoff between flexibility and security. To manage this tradeoff, this paper presents a genetic-based anomaly detection model for logs of Process Aware Systems. Detection works by discovering an appropriate process model using genetic process mining and flagging traces that do not fit that model as anomalous. When used in a PAS, this model is therefore an automated solution that can support the coexistence of flexibility and security.

Keywords: Anomaly Detection, Genetic Algorithm, Process Aware Systems, Process Mining.


