Abstract
The identification of different risks and threats has become a top priority for organizations in recent years. Various techniques in both data and process mining fields have been developed to uncover unknown risks. However, applying them is challenging for risk analysts since it requires deep knowledge of mining algorithms. To help business and risk analysts to identify potential operational and data security risks, we developed an easy to apply automated framework which can discover anomalous behavioral patterns in business process executions. First, using a process mining technique, it obtains deviations in different aspects of a business process such as skipped tasks, spurious data accesses, and misusage of authorizations. Then, by applying a rule mining technique, it can extract anomalous behavioral patterns. Furthermore, in an automated procedure, our framework is able to automatically interpret anomalous patterns and categorize them into roles, users, and system deviating patterns. We conduct experiments on a real-life dataset from a financial organization and demonstrate that our framework enables accurate diagnostics and a better understanding of deviant behaviors.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
Available at https://github.com/AzadehMozafariMehr/Rule-mining.
References
DePoy, E., Gitlin, L.N. (eds.): Statistical analysis for experimental-type designs. In: DePoy, E., Gitlin, L.N. (eds.) Introduction to Research, 5th Edn., pp. 282–310. Mosby, St. Louis (2016). Chapter 20
Böhmer, K., Rinderle-Ma, S.: Mining association rules for anomaly detection in dynamic process runtime behavior and explaining the root cause to users. Inf. Syst. 90, 101438 (2020). Advances in Information Systems Engineering Best Papers of CAiSE 2018
van der Aalst, W.: Process Mining: Discovery, Conformance and Enhancement of Business Processes. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19345-3
Adriansyah, A., van Dongen, B.F., van der Aalst, W.M.P.: Towards robust conformance checking. In: zur Muehlen, M., Su, J. (eds.) BPM 2010. LNBIP, vol. 66, pp. 122–133. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20511-8_11
Agrawal, R., Imieliński, T., Swami, A.: Mining association rules between sets of items in large databases. In: Proceedings of the 1993 ACM SIGMOD International Conference on Management of Data, pp. 207–216 (1993)
Agrawal, R., Srikant, R., et al.: Fast algorithms for mining association rules. In: Proceedings 20th International Conference Very Large Data Bases, VLDB, vol. 1215, pp. 487–499, Santiago, Chile (1994)
Alizadeh, M., Lu, X., Fahland, D., Zannone, N., van der Aalst, W.: Linking data and process perspectives for conformance analysis. Comput. Secur. 73, 172–193 (2018)
Aqra, I., Abdul Ghani, N., Maple, C., Machado, J., Sohrabi Safa, N.: Incremental algorithm for association rule mining under dynamic threshold. Appl. Sci. 9(24) (2019)
Chengyan, L., Feng, S., Sun, G.: DCE-miner: an association rule mining algorithm for multimedia based on the mapreduce framework. Multimedia Tools Appl. 79(23), 16771–16793 (2020)
van Dongen, B.: BPI Challenge 2017 (2 2017). https://doi.org/10.4121/uuid:5f3067df-f10b-45da-b98b-86ae4c7a310b
Han, J., Pei, J., Kamber, M.: Data mining: concepts and techniques. Elsevier (2011)
Jiawei, H., Jian, P., Yiwen, Y., Runying, M.: Mining frequent patterns without candidate generation: a frequent-pattern tree approach. In: Data Mining and Knowledge Discovery, pp. 53–87 (2004)
Knapp, K.J., Morris, R.F., Jr., Marshall, T.E., Byrd, T.A.: Information security policy: an organizational-level process model. Comput. Secur. 28(7), 493–508 (2009)
Leemans, S.J.J., Fahland, D., van der Aalst, W.M.P.: Discovering block-structured process models from event logs - a constructive approach. In: Colom, J.-M., Desel, J. (eds.) PETRI NETS 2013. LNCS, vol. 7927, pp. 311–329. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38697-8_17
de Leoni, M., van der Aalst, W.M.P.: Aligning event logs and process models for multi-perspective conformance checking: an approach based on integer linear programming. In: Daniel, F., Wang, J., Weber, B. (eds.) BPM 2013. LNCS, vol. 8094, pp. 113–129. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40176-3_10
Liu, K., Wu, Y., Wei, W., Wang, Z., Zhu, J., Wang, H.: An interactive approach of rule mining and anomaly detection for internal risks. In: Nigdeli, S.M., Kim, J.H., Bekdaş, G., Yadav, A. (eds.) ICHSA 2020. AISC, vol. 1275, pp. 365–376. Springer, Singapore (2021). https://doi.org/10.1007/978-981-15-8603-3_32
Loch, K.D., Carr, H.H., Warkentin, M.E.: Threats to information systems: today’s reality, yesterday’s understanding. MIS Q. 16(2), 173–186 (1992)
Mannhardt, F., de Leoni, M., Reijers, H., van der Aalst, W.: Balanced multi-perspective checking of process conformance. BPMcenter.org (2014)
Mozafari Mehr, A.S., de Carvalho, R.M., van Dongen, B.: Detecting privacy, data and control-flow deviations in business processes. In: Nurcan, S., Korthaus, A. (eds.) CAiSE 2021. LNBIP, vol. 424, pp. 82–91. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-79108-7_10
Mozafari Mehr, A.S., de Carvalho, R.M., van Dongen, B.: MLA: a tool for multi-perspective conformance checking of business processes. In: Jans, M., De Weerdt, J., Depaire, B., Dumas, M., Janssenswillen, G. (eds.) ICPM 2021 Doctoral Consortium and Demo Track 2021, pp. 35–36 (2021). http://ceur-ws.org/
Pika, A., van der Aalst, W.M., Wynn, M.T., Fidge, C.J., ter Hofstede, A.H.: Evaluating and predicting overall process risk using event logs. Inf. Sci. 352, 98–120 (2016)
Rodrigues, A.M.B., et al.: Stairway to value: mining a loan application process (2017)
Sarno, R., Dewandono, R.D., Ahmad, T., Naufal, M.F., Sinaga, F.: Hybrid association rule learning and process mining for fraud detection. IAENG Int. J. Comput. Sci. 42(2) (2015)
Scheithauer, G., Henne, R.L., Kerciku, A., Waldenmaier, R., Riedel, U.: Suggestions for improving a bank’s loan application process based on a process mining analysis (2017)
Setiawan, F., Yahya, B.N.: Improved behavior model based on sequential rule mining. Appl. Soft Comput. 68, 944–960 (2018)
Warkentin, M., Willison, R.: Behavioral and policy issues in information systems security: the insider threat. Eur. J. Inf. Syst. 18(2), 101–105 (2009)
Acknowledgement
The author has received funding within the BPR4GDPR project from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787149.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Ethics declarations
Reproducibility
The source code and inputs required to reproduce the experiments can be found at https://github.com/AzadehMozafariMehr/Rule-mining.
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mozafari Mehr, A.S., M. de Carvalho, R., van Dongen, B. (2022). An Association Rule Mining-Based Framework for the Discovery of Anomalous Behavioral Patterns. In: Chen, W., Yao, L., Cai, T., Pan, S., Shen, T., Li, X. (eds) Advanced Data Mining and Applications. ADMA 2022. Lecture Notes in Computer Science(), vol 13725. Springer, Cham. https://doi.org/10.1007/978-3-031-22064-7_29
Download citation
DOI: https://doi.org/10.1007/978-3-031-22064-7_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22063-0
Online ISBN: 978-3-031-22064-7
eBook Packages: Computer ScienceComputer Science (R0)