Skip to main content
Springer Nature Link
Log in

Control-Flow Reconstruction Attacks on Business Process Models

  • Conference paper
  • First Online:
Enterprise Design, Operations, and Computing (EDOC 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 15409))

  • 4 Accesses

Abstract

Process models may be automatically generated from event logs that contain as-is data of a business process. While such models generalize over the control-flow of specific, recorded process executions, they are often also annotated with behavioural statistics, such as execution frequencies. Based thereon, once a model is published, certain insights about the original process executions may be reconstructed, so that an external party may extract confidential information about the business process. This work is the first to empirically investigate such reconstruction attempts based on process models. To this end, we propose different play-out strategies that reconstruct the control-flow from process trees, potentially exploiting frequency annotations. To assess the potential success of such reconstruction attacks on process models, and hence the risks imposed by publishing them, we compare the reconstructed process executions with those of the original log for several real-world datasets.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/henrikkirchmann/Control-Flow-Reconstruction.

  2. 2.

    https://github.com/henrikkirchmann/Control-Flow-Reconstruction/tree/main/Appendix.

References

  1. Augusto, A., et al.: Automated discovery of process models from event logs: review and benchmark. IEEE TKDE 31(4), 686–705 (2019)

    MATH  Google Scholar 

  2. Berti, A., van Zelst, S.J., Schuster, D.: Pm4py: a process mining library for python. Softw. Impacts 17, 100556 (2023). https://doi.org/10.1016/J.SIMPA.2023.100556

    Article  MATH  Google Scholar 

  3. Burke, A., Leemans, S.J., Wynn, M.T.: Stochastic process discovery by weight estimation. In: ICPM Workshops, pp. 260–272. Springer, Cham (2020)

    Google Scholar 

  4. Burke, A., Leemans, S.J., Wynn, M.T.: Discovering stochastic process models by reduction and abstraction. In: Petri Nets, pp. 312–336. Springer, Cham (2021)

    Google Scholar 

  5. Camargo, M., Dumas, M., González, O.: Automated discovery of business process simulation models from event logs. DSS 134, 113284 (2020)

    Google Scholar 

  6. Carmona, J., van Dongen, B.F., Solti, A., Weidlich, M.: Conformance Checking - Relating Processes and Models. Springer (2018). https://doi.org/10.1007/978-3-319-99414-7

  7. Chapela-Campa, D., Benchekroun, I., Baron, O., Dumas, M., Krass, D., Senderovich, A.: Can I trust my simulation model? measuring the quality of business process simulation models, vol. 14159, pp. 20–37 (2023). https://doi.org/10.1007/978-3-031-41620-0_2

  8. van Dongen, B.: BPI challenge 2017. 4tu. Centre for Research Data, Dataset (2017)

    Google Scholar 

  9. van Dongen, B.F.: BPI challenge 2015. In: 11th International Workshop on Business Process Intelligence (BPI 2015) (2015)

    Google Scholar 

  10. Elkoumy, G., Pankova, A., Dumas, M.: Privacy-preserving directly-follows graphs: balancing risk and utility in process mining. arXiv preprint arXiv:2012.01119 (2020)

  11. Fahrenkrog-Petersen, S.A., Kabierski, M., van der Aa, H., Weidlich, M.: Semantics-aware mechanisms for control-flow anonymization in process mining. Inf. Syst. 102169 (2023)

    Google Scholar 

  12. Hidano, S., Murakami, T., Katsumata, S., Kiyomoto, S., Hanaoka, G.: Model inversion attacks for online prediction systems: without knowledge of non-sensitive attributes. IEICE Trans. Inf. Syst. 101-D(11), 2665–2676 (2018). https://doi.org/10.1587/TRANSINF.2017ICP0013

  13. Hildebrant, R., Fahrenkrog-Petersen, S.A., Weidlich, M., Ren, S.: PMDG: privacy for multi-perspective process mining through data generalization. In: CAiSE. Lecture Notes in Computer Science, vol. 13901, pp. 506–521. Springer, Cham (2023)

    Google Scholar 

  14. Hilprecht, B., Härterich, M., Bernau, D.: Monte Carlo and reconstruction membership inference attacks against generative models. Proc. Priv. Enhancing Technol. 2019(4), 232–249 (2019). https://doi.org/10.2478/POPETS-2019-0067

    Article  MATH  Google Scholar 

  15. Leemans, S.J.J., Fahland, D., van der Aalst, W.M.P.: Discovering block-structured process models from event logs - a constructive approach. In: Colom, J.M., Desel, J. (eds.) Petri Nets. LNCS, vol. 7927, pp. 311–329. Springer, Cham (2013)

    Google Scholar 

  16. Leemans, S.J.J., Polyvyanyy, A.: Stochastic-aware precision and recall measures for conformance checking in process mining. Inf. Syst. 115, 102197 (2023)

    Article  MATH  Google Scholar 

  17. Leemans, S.J., Syring, A.F., van der Aalst, W.M.: Earth movers’ stochastic conformance checking. In: BPM Forum, pp. 127–143. Springer, Cham (2019)

    Google Scholar 

  18. Maatouk, K., Mannhardt, F.: Quantifying the re-identification risk in published process models. In: ICPM Workshops, pp. 382–394. Springer, Cham (2021)

    Google Scholar 

  19. Mannhardt, F.: Sepsis cases-event log, 4tu. ResearchData. Dataset (2016). https://doi.org/10.4121/uuid:915d2bfb-7e84-49ad-a286-dc35f063a460

  20. Rafiei, M., van der Aalst, W.M.P.: Towards quantifying privacy in process mining. In: ICPM Workshops. LNBIP, vol. 406, pp. 385–397. Springer, Cham (2020)

    Google Scholar 

  21. Rafiei, M., van der Aalst, W.M.P.: Group-based privacy preservation techniques for process mining. Data Knowl. Eng. 134, 101908 (2021)

    Article  MATH  Google Scholar 

  22. Rafiei, M., Wangelik, F., Pourbafrani, M., van der Aalst, W.M.P.: Travag: differentially private trace variant generation using GANs. In: RCIS. LNBIP, vol. 476, pp. 415–431. Springer, Cham (2023)

    Google Scholar 

  23. Rigaki, M., García, S.: A survey of privacy attacks in machine learning. ACM Comput. Surv. 56(4), 101:1–101:34 (2024). https://doi.org/10.1145/3624010

  24. Rogge-Solti, A., van der Aalst, W.M., Weske, M.: Discovering stochastic petri nets with arbitrary delay distributions from event logs. In: BPM Workshops, pp. 15–27. Springer, Cham (2014)

    Google Scholar 

  25. Rogge-Solti, A., Senderovich, A., Weidlich, M., Mendling, J., Gal, A.: In log and model we trust? A generalized conformance checking framework. In: BPM. LNCS, vol. 9850, pp. 179–196. Springer, Cham (2016)

    Google Scholar 

  26. Steeman, W.: BPI challenge 2013, closed problems (2013). https://doi.org/10.4121/uuid:c2c3b154-ab26-4b31-a0e8-8f2350ddac11

  27. Van Der Aalst, W.: Process Mining: Data Science in Action, vol. 2. Springer, Cham (2016)

    Google Scholar 

  28. Nuñez von Voigt, S., et al.: Quantifying the re-identification risk of event logs for process mining: empirical evaluation paper. In: CAiSE, pp. 252–267. Springer, Cham (2020)

    Google Scholar 

Download references

Acknowledgements

This work was supported by the German Federal Ministry of Education and Research (BMBF), grant number 16DII133 (Weizenbaum-Institute).

Author information

Authors and Affiliations

  1. Humboldt-Universität zu Berlin, Berlin, Germany

    Henrik Kirchmann, Stephan A. Fahrenkrog-Petersen & Matthias Weidlich

  2. Weizenbaum Institute for the Networked Society, Berlin, Germany

    Stephan A. Fahrenkrog-Petersen

  3. Eindhoven University of Technology, Eindhoven, The Netherlands

    Felix Mannhardt

Authors
  1. Henrik Kirchmann
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stephan A. Fahrenkrog-Petersen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Felix Mannhardt
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Matthias Weidlich
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Henrik Kirchmann .

Editor information

Editors and Affiliations

  1. Universidade de Lisboa, Lisbon, Portugal

    José Borbinha

  2. University of Twente, Enschede, The Netherlands

    Tiago Prince Sales

  3. Universidade de Lisboa, Lisbon, Portugal

    Miguel Mira Da Silva

  4. TU Wien, Vienna, Austria

    Henderik A. Proper

  5. TU Wien, Vienna, Austria

    Marianne Schnellmann

Rights and permissions

Reprints and permissions

Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kirchmann, H., Fahrenkrog-Petersen, S.A., Mannhardt, F., Weidlich, M. (2025). Control-Flow Reconstruction Attacks on Business Process Models. In: Borbinha, J., Prince Sales, T., Da Silva, M.M., Proper, H.A., Schnellmann, M. (eds) Enterprise Design, Operations, and Computing. EDOC 2024. Lecture Notes in Computer Science, vol 15409. Springer, Cham. https://doi.org/10.1007/978-3-031-78338-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-78338-8_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-78337-1

  • Online ISBN: 978-3-031-78338-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics