Anomaly and Interestingness Detection in Timed Hierarchical Business Processes

IEEE Transactions on Engineering Management · 2022
Cited by 5
ABS 3

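Summary

Proposes a method that uses time-constrained and granularity-aware signatures to detect temporal anomalies and interestingness in business processes. By constructing a timed hierarchical business process model, it meets the personalized demands of edge users, and experiments show that it outperforms existing techniques.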

Abstract

Anomaly detection is assumed to be an efficient means of probing cyber-attacks upon business processes, and frequent pattern recognition (referred to as interestingness) is complementary to anomaly detection for providing insights about processes. Current studies on anomalies and interestingness focus mostly on measurement design and discovery methods. However, parameterized evaluation from a time dimension has not been well-explored to satisfy personalized demands of edge users. To fill this gap, this article proposes to detect temporal anomalies and interestingness leveraging time-constrained and granularity-aware signatures. Specifically, a Timed Hierarchical Business Process Model (TH-BPM) is constructed by exploiting temporal constraints and granularities thoroughly, and composing activities from fine granularities to coarser ones. Temporal anomalies are estimated with prescribed signatures upon TH-BPM through parameterizing acceptance of deviant executions. Temporal interestingness, as the complement to temporal anomalies, is specified as the most probable execution time that is partitioned into user-defined granules and ranked by the probability leveraging the parameterized signatures. Consequently, various acceptance of anomaly deviations is allowed, and parameterized needs of interestingness detection can be satisfied. Experimental results upon real-life event logs and a real edge network demonstrate that our approach outperforms the state-of-the-art techniques in relevant performance metrics.

Anomaly detection · Business process · Data mining · Time series analysis