Presentation is loading. Please wait.

Presentation is loading. Please wait.

/faculteit technologie management Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance Wil van der Aalst.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "/faculteit technologie management Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance Wil van der Aalst."— Presentation transcript:

1 /faculteit technologie management Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance Wil van der Aalst Ana Karla A. de Medeiros Eindhoven University of Technology Department of Information and Technology a.k.medeiros@tm.tue.nl

2 /faculteit technologie management Outline Motivation Process Mining:  -algorithm Detecting Anomalous Process Execution Checking Process Conformance Conclusion and Future work

3 /faculteit technologie management Process Mining: Overview 1) basic performance metrics 2) process model3) organizational model4) social network 5) performance characteristics If …then … 6) auditing/security

4 /faculteit technologie management –Workflow Mining (What is the process?) –Delta analysis (Are we doing what was specified?) –Performance analysis (How can we improve?) Motivation

5 /faculteit technologie management Motivation How can we benefit from process mining to verify security issues in computer systems? –Detect anomalous process execution –Check process conformance

6 /faculteit technologie management Process Mining – Process log ABCDACBDEF case 1 : task A case 2 : task A case 3 : task A case 3 : task B case 1 : task B case 1 : task C case 2 : task C case 4 : task A case 2 : task B case 2 : task D case 5 : task E case 4 : task C case 1 : task D case 3 : task C case 3 : task D case 4 : task B case 5 : task F case 4 : task D Minimal information in noise- free log: case id’s and task id’s Additional information: event type, time, resources, and data In this log there are three possible sequences:

7 /faculteit technologie management Process Mining – Ordering Relations >, ,||,# Direct succession: x>y iff for some case x is directly followed by y. Causality: x  y iff x>y and not y>x. Parallel: x||y iff x>y and y>x Unrelated: x#y iff not x>y and not y>x. case 1 : task A case 2 : task A case 3 : task A case 3 : task B case 1 : task B case 1 : task C case 2 : task C case 4 : task A case 2 : task B... A>BA>CB>CB>DC>BC>DE>F ABABACACBDBDCDCDEFEFABABACACBDBDCDCDEFEF B||CC||BABCDACBDEF

8 /faculteit technologie management Process Mining –  -algorithm Let W be a workflow log over T.  (W) is defined as follows. 1.T W = { t  T     W t   }, 2.T I = { t  T     W t = first(  ) }, 3.T O = { t  T     W t = last(  ) }, 4.X W = { (A,B)  A  T W  B  T W   a  A  b  B a  W b   a1,a2  A a 1 # W a 2   b1,b2  B b 1 # W b 2 }, 5.Y W = { (A,B)  X   (A,B)  X A  A  B  B  (A,B) = (A,B) }, 6.P W = { p (A,B)  (A,B)  Y W }  {i W,o W }, 7.F W = { (a,p (A,B) )  (A,B)  Y W  a  A }  { (p (A,B),b)  (A,B)  Y W  b  B }  { (i W,t)  t  T I }  { (t,o W )  t  T O }, and  (W) = (P W,T W,F W ).

9 /faculteit technologie management Process Mining –  -algorithmABCDACBDEF ABABACACBDBDCDCDEFEFABABACACBDBDCDCDEFEF B||CC||B

10 /faculteit technologie management Process Mining –  -algorithm If log is complete with respect to relation >, it can be used to mine SWF-net without short loops Structured Workflow Nets (SWF-nets) have no implicit places and the following two constructs cannot be used:

11 /faculteit technologie management Detecting Anomalous Process Executions Use the  -algorithm to discover the acceptable behavior –Log traces = audit trails –Cases = session ids –Complete log only has acceptable audit trails Verify the conformance of new audit trails by playing the “token game”

12 /faculteit technologie management Detecting Anomalous Process Executions Enter, Select Product, Add to Basket, Cancel Order

13 /faculteit technologie management Detecting Anomalous Process Executions Enter, Select Product, Add to Basket, Proceed to Checkout, Fill in Delivery Info, Fill in Payment Info, Process Order, Finish Checkout 

14 /faculteit technologie management Verify if a pattern holds Checking Process Conformance Provide Password  Process Order So… Provide Password > Process Order and NOT Process Order > Provide Password

15 /faculteit technologie management Provide Password  Process Order Checking Process Conformance (!) Token game can be used to verify if the pattern holds for every audit trail

16 /faculteit technologie management Conclusion –Process mining can be used to Detect anomalous behavior Check process conformance www.processmining.org –Tools are available at our website www.processmining.org Future Work –Apply process mining to audit trails from real-life case studies Conclusion and Future Work

17 /faculteit technologie management Questions? www.processmining.org

Download ppt "/faculteit technologie management Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance Wil van der Aalst."

Similar presentations

From Local Patterns to Global Models: Towards Domain Driven Educational Process Mining Nikola Trčka Mykola Pechenizkiy.

From Local Patterns to Global Models: Towards Domain Driven Educational Process Mining Nikola Trčka Mykola Pechenizkiy.
/faculteit technologie management /faculteit wiskunde en informatica PM-1 Process mining: Discovering Process Models from Event Logs Prof.dr.ir. Wil van.

/faculteit technologie management /faculteit wiskunde en informatica PM-1 Process mining: Discovering Process Models from Event Logs Prof.dr.ir. Wil van.
Jorge Muñoz-Gama Josep Carmona

Jorge Muñoz-Gama Josep Carmona
1 Analysis of workflows : Verification, validation, and performance analysis. Wil van der Aalst Eindhoven University of Technology Faculty of Technology.

1 Analysis of workflows : Verification, validation, and performance analysis. Wil van der Aalst Eindhoven University of Technology Faculty of Technology.
A university for the world real R © 2009, www.yawlfoundation.org Chapter 3 Advanced Synchronization Moe Wynn Wil van der Aalst Arthur ter Hofstede.

A university for the world real R © 2009, Chapter 3 Advanced Synchronization Moe Wynn Wil van der Aalst Arthur ter Hofstede.
Sequential Patterns & Process Mining Current State of Research Edgar de Graaf LIACS.

Sequential Patterns & Process Mining Current State of Research Edgar de Graaf LIACS.
Process Mining in the Context of Web Services Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, P.O. Box 513, 5600 MB Eindhoven, The Netherlands.

Process Mining in the Context of Web Services Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, P.O. Box 513, 5600 MB Eindhoven, The Netherlands.
/faculteit technologie management 1 Process Mining: Organizational and Conformance Mining Algorithms Ana Karla Alves de Medeiros Ana Karla Alves de Medeiros.

/faculteit technologie management 1 Process Mining: Organizational and Conformance Mining Algorithms Ana Karla Alves de Medeiros Ana Karla Alves de Medeiros.
MXML A Meta model for process mining data

MXML A Meta model for process mining data
/faculteit technologie management 1 Process Mining: Control-Flow Mining Algorithms Ana Karla Alves de Medeiros Ana Karla Alves de Medeiros Eindhoven University.

/faculteit technologie management 1 Process Mining: Control-Flow Mining Algorithms Ana Karla Alves de Medeiros Ana Karla Alves de Medeiros Eindhoven University.
Aligning Event Logs and Process Models for Multi- perspective Conformance Checking: An Approach Based on ILP Massimiliano de Leoni Wil M. P. van der Aalst.

Aligning Event Logs and Process Models for Multi- perspective Conformance Checking: An Approach Based on ILP Massimiliano de Leoni Wil M. P. van der Aalst.
Models vs. Reality dr.ir. B.F. van Dongen Assistant Professor Eindhoven University of Technology

Models vs. Reality dr.ir. B.F. van Dongen Assistant Professor Eindhoven University of Technology
/faculteit technologie management PN-1 Petri nets refresher Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Faculty of Technology Management,

/faculteit technologie management PN-1 Petri nets refresher Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Faculty of Technology Management,
/faculteit technologie management Genetic Process Mining Ana Karla Medeiros Ton Weijters Wil van der Aalst Eindhoven University of Technology Department.

/faculteit technologie management Genetic Process Mining Ana Karla Medeiros Ton Weijters Wil van der Aalst Eindhoven University of Technology Department.
Process Mining from discovery to checking Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Department of Information Systems, P.O. Box.

Process Mining from discovery to checking Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology, Department of Information Systems, P.O. Box.
/faculteit technologie management www.processmining.org Genetic Process Mining Ana Karla Alves de Medeiros Eindhoven University of Technology Department.

/faculteit technologie management Genetic Process Mining Ana Karla Alves de Medeiros Eindhoven University of Technology Department.
Process Mining in CSCW Systems All truths are easy to understand once they are discovered; the point is to discover them. Galileo Galilei (1564 - 1642)

Process Mining in CSCW Systems All truths are easy to understand once they are discovered; the point is to discover them. Galileo Galilei ( )
Mining Social Networks Uncovering interaction patterns in business processes Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department.

Mining Social Networks Uncovering interaction patterns in business processes Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department.
1 Analysis of workflows a-priori and a-posteriori analysis Wil van der Aalst Eindhoven University of Technology Faculty of Technology Management Department.

1 Analysis of workflows a-priori and a-posteriori analysis Wil van der Aalst Eindhoven University of Technology Faculty of Technology Management Department.
Business Alignment Using Process Mining as a Tool for Delta Analysis Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department of Information.

Business Alignment Using Process Mining as a Tool for Delta Analysis Prof.dr.ir. Wil van der Aalst Eindhoven University of Technology Department of Information.

Similar presentations

Ads by Google