/faculteit technologie management Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance Wil van der Aalst.

Slides:



Advertisements
Similar presentations
From Local Patterns to Global Models: Towards Domain Driven Educational Process Mining Nikola Trčka Mykola Pechenizkiy.
Advertisements

/faculteit technologie management /faculteit wiskunde en informatica PM-1 Process mining: Discovering Process Models from Event Logs Prof.dr.ir. Wil van.
Jorge Muñoz-Gama Josep Carmona
1 Analysis of workflows : Verification, validation, and performance analysis. Wil van der Aalst Eindhoven University of Technology Faculty of Technology.
A university for the world real R © 2009, Chapter 3 Advanced Synchronization Moe Wynn Wil van der Aalst Arthur ter Hofstede.
Sequential Patterns & Process Mining Current State of Research Edgar de Graaf LIACS.
Process Mining in the Context of Web Services Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, P.O. Box 513, 5600 MB Eindhoven, The Netherlands.
/faculteit technologie management 1 Process Mining: Organizational and Conformance Mining Algorithms Ana Karla Alves de Medeiros Ana Karla Alves de Medeiros.
MXML A Meta model for process mining data
/faculteit technologie management 1 Process Mining: Control-Flow Mining Algorithms Ana Karla Alves de Medeiros Ana Karla Alves de Medeiros Eindhoven University.
Aligning Event Logs and Process Models for Multi- perspective Conformance Checking: An Approach Based on ILP Massimiliano de Leoni Wil M. P. van der Aalst.
Models vs. Reality dr.ir. B.F. van Dongen Assistant Professor Eindhoven University of Technology
/faculteit technologie management PN-1 Petri nets refresher Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Faculty of Technology Management,
/faculteit technologie management Genetic Process Mining Ana Karla Medeiros Ton Weijters Wil van der Aalst Eindhoven University of Technology Department.
Process Mining from discovery to checking Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Department of Information Systems, P.O. Box.
/faculteit technologie management Genetic Process Mining Ana Karla Alves de Medeiros Eindhoven University of Technology Department.
Process Mining in CSCW Systems All truths are easy to understand once they are discovered; the point is to discover them. Galileo Galilei ( )
Mining Social Networks Uncovering interaction patterns in business processes Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department.
1 Analysis of workflows a-priori and a-posteriori analysis Wil van der Aalst Eindhoven University of Technology Faculty of Technology Management Department.
Business Alignment Using Process Mining as a Tool for Delta Analysis Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department of Information.
Process Mining: The next step in Business Process Management Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department of Information.
Discovering Coordination Patterns using Process Mining Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department of Information and Technology.
/faculteit technologie management 1 Process Mining: General Introduction Ana Karla Alves de Medeiros Ana Karla Alves de Medeiros Eindhoven University of.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
Process Mining: Discovering processes from event logs All truths are easy to understand once they are discovered; the point is to discover them. Galileo.
/faculteit technologie management Genetic Process Mining Wil van der Aalst Ana Karla Medeiros Ton Weijters Eindhoven University of Technology Department.
Process Mining: An iterative algorithm using the Theory of Regions Kristian Bisgaard Lassen Boudewijn van Dongen Wil van.
/faculteit technologie management 1 Process Mining: Extension Mining Algorithms Ana Karla Alves de Medeiros Ana Karla Alves de Medeiros Eindhoven University.
Process Mining for Ubiquitous Mobile Systems An Overview and a Concrete Algorithm Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department.
A university for the world real R © 2009, Chapter 17 Process Mining and Simulation Moe Wynn Anne Rozinat Wil van der Aalst Arthur.
Scientific Workflows Within the Process Mining Domain Martina Caccavale 17 April 2014.
HIERARCHICAL CONFORMANCE CHECKING OF PROCESS MODELS BASED ON EVENT LOGS Jorge Munoz-Gama, Josep Carmona and Wil M.P. van der Aalst.
Process Mining Control flow process discovery Fabrizio Maria Maggi (based on Process Mining book – Springer copyright 2011 and lecture material by Marlon.
Jorge Muñoz-Gama Universitat Politècnica de Catalunya (Barcelona, Spain) Algorithms for Process Conformance and Process Refinement.
Process Mining Control flow process discovery
Process Mining: Discovering processes from event logs All truths are easy to understand once they are discovered; the point is to discover them. Galileo.
مهندسی مجدد فرآیندهای تجاری
Pontificia Universidad Católica de Chile School of Engineering Department of Computer Science A feedback-based framework for process enhancement of causal.
Jianmin Wang 1, Shaoxu Song 1, Xiaochen Zhu 1, Xuemin Lin 2 1 Tsinghua University, China 2 University of New South Wales, Australia 1/23 VLDB 2013.
Systems II San Pham CS /20/03. Topics Operating Systems Resource Management – Process Management – CPU Scheduling – Deadlock Protection/Security.
1 Intrusion Detection Methods “Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking.
Han-na Yang Rediscovering Workflow Models from Event-Based Data using Little Thumb.
Petri nets refresher Prof.dr.ir. Wil van der Aalst
Process-oriented System Analysis Process Mining. BPM Lifecycle.
Decision Mining in Prom A. Rozinat and W.M.P. van der Aalst Joosung, Ko.
Alignment-based Precision Checking A. Adriansyah 1, J. Munoz Gamma 2, J. Carmona 2, B.F. van Dongen 1, W.M.P. van der Aalst 1 Tallinn, 3 September 2012.
/faculteit technologie management Workflow Mining: Current Status and Future Directions Ana Karla A. de Medeiros, W.M.P van der Aalst and A.J.M.M. Weijters.
Decomposing Data-aware Conformance Checking Massimiliano de Leoni, Jorge Munoz-Gama, Josep Carmona, Wil van der Aalst PAGE 0.
/faculteit technologie management PN-1 Petri nets refresher Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Faculty of Technology Management,
/faculteit technologie management PN-1 Petri nets refresher Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Faculty of Technology Management,
Intelligent Database Systems Lab N.Y.U.S.T. I. M. Towards comprehensive support for organizational mining Presenter : Yu-hui Huang Authors : Minseok Song,
/faculteit technologie management PN-1 Petri nets refresher Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Faculty of Technology Management,
1 CS techniques for IT auditing Lecture 6. Dept of Mathematics and Computer Science 2 Transition system (1) Basic process model of CS is a transition.
Process Mining – Concepts and Algorithms Review of literature on process mining techniques for event log data.
30 januari 2018 Mining Social Networks Uncovering interaction patterns in business processes Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology.
7 mei 2018 Process Mining in CSCW Systems All truths are easy to understand once they are discovered; the point is to discover them. Galileo Galilei.
MTAT Business Process Management (BPM) Lecture 11: Process Monitoring and Mining Fabrizio Maggi (based on lecture material by Marlon Dumas, Wil.
Profiling based unstructured process logs
Exploring processes and deviations
Patterns extraction from process executions
Concurrent Systems Modeling using Petri Nets – Part II
Decomposed Process Mining: The ILP Case
Wil van der Aalst Eindhoven University of Technology
Wil van der Aalst Eindhoven University of Technology
Workflow Management Systems: Functions, architecture, and products.
Multi-phase process mining
3 mei 2019 Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance Wil van der Aalst Ana Karla A. de Medeiros.
Business Alignment Using Process Mining as a Tool for Delta Analysis
5 juli 2019 Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance Wil van der Aalst Ana Karla A. de Medeiros.
19 augustus 2019 Mining Social Networks Uncovering interaction patterns in business processes Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology.
Presentation transcript:

/faculteit technologie management Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance Wil van der Aalst Ana Karla A. de Medeiros Eindhoven University of Technology Department of Information and Technology

/faculteit technologie management Outline Motivation Process Mining:  -algorithm Detecting Anomalous Process Execution Checking Process Conformance Conclusion and Future work

/faculteit technologie management Process Mining: Overview 1) basic performance metrics 2) process model3) organizational model4) social network 5) performance characteristics If …then … 6) auditing/security

/faculteit technologie management –Workflow Mining (What is the process?) –Delta analysis (Are we doing what was specified?) –Performance analysis (How can we improve?) Motivation

/faculteit technologie management Motivation How can we benefit from process mining to verify security issues in computer systems? –Detect anomalous process execution –Check process conformance

/faculteit technologie management Process Mining – Process log ABCDACBDEF case 1 : task A case 2 : task A case 3 : task A case 3 : task B case 1 : task B case 1 : task C case 2 : task C case 4 : task A case 2 : task B case 2 : task D case 5 : task E case 4 : task C case 1 : task D case 3 : task C case 3 : task D case 4 : task B case 5 : task F case 4 : task D Minimal information in noise- free log: case id’s and task id’s Additional information: event type, time, resources, and data In this log there are three possible sequences:

/faculteit technologie management Process Mining – Ordering Relations >, ,||,# Direct succession: x>y iff for some case x is directly followed by y. Causality: x  y iff x>y and not y>x. Parallel: x||y iff x>y and y>x Unrelated: x#y iff not x>y and not y>x. case 1 : task A case 2 : task A case 3 : task A case 3 : task B case 1 : task B case 1 : task C case 2 : task C case 4 : task A case 2 : task B... A>BA>CB>CB>DC>BC>DE>F ABABACACBDBDCDCDEFEFABABACACBDBDCDCDEFEF B||CC||BABCDACBDEF

/faculteit technologie management Process Mining –  -algorithm Let W be a workflow log over T.  (W) is defined as follows. 1.T W = { t  T     W t   }, 2.T I = { t  T     W t = first(  ) }, 3.T O = { t  T     W t = last(  ) }, 4.X W = { (A,B)  A  T W  B  T W   a  A  b  B a  W b   a1,a2  A a 1 # W a 2   b1,b2  B b 1 # W b 2 }, 5.Y W = { (A,B)  X   (A,B)  X A  A  B  B  (A,B) = (A,B) }, 6.P W = { p (A,B)  (A,B)  Y W }  {i W,o W }, 7.F W = { (a,p (A,B) )  (A,B)  Y W  a  A }  { (p (A,B),b)  (A,B)  Y W  b  B }  { (i W,t)  t  T I }  { (t,o W )  t  T O }, and  (W) = (P W,T W,F W ).

/faculteit technologie management Process Mining –  -algorithmABCDACBDEF ABABACACBDBDCDCDEFEFABABACACBDBDCDCDEFEF B||CC||B

/faculteit technologie management Process Mining –  -algorithm If log is complete with respect to relation >, it can be used to mine SWF-net without short loops Structured Workflow Nets (SWF-nets) have no implicit places and the following two constructs cannot be used:

/faculteit technologie management Detecting Anomalous Process Executions Use the  -algorithm to discover the acceptable behavior –Log traces = audit trails –Cases = session ids –Complete log only has acceptable audit trails Verify the conformance of new audit trails by playing the “token game”

/faculteit technologie management Detecting Anomalous Process Executions Enter, Select Product, Add to Basket, Cancel Order

/faculteit technologie management Detecting Anomalous Process Executions Enter, Select Product, Add to Basket, Proceed to Checkout, Fill in Delivery Info, Fill in Payment Info, Process Order, Finish Checkout 

/faculteit technologie management Verify if a pattern holds Checking Process Conformance Provide Password  Process Order So… Provide Password > Process Order and NOT Process Order > Provide Password

/faculteit technologie management Provide Password  Process Order Checking Process Conformance (!) Token game can be used to verify if the pattern holds for every audit trail

/faculteit technologie management Conclusion –Process mining can be used to Detect anomalous behavior Check process conformance –Tools are available at our website Future Work –Apply process mining to audit trails from real-life case studies Conclusion and Future Work

/faculteit technologie management Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.