Skip to main content
SpringerLink
Log in
Book cover

International Conference on Business Process Management

BPM 2018: Business Process Management pp 271–287Cite as

BINet: Multivariate Business Process Anomaly Detection Using Deep Learning

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11080))

Abstract

In this paper, we propose BINet, a neural network architecture for real-time multivariate anomaly detection in business process event logs. BINet has been designed to handle both the control flow and the data perspective of a business process. Additionally, we propose a heuristic for setting the threshold of an anomaly detection algorithm automatically. We demonstrate that BINet can be used to detect anomalies in event logs not only on a case level, but also on event attribute level. We compare BINet to 6 other state-of-the-art anomaly detection algorithms and evaluate their performance on an elaborate data corpus of 60 synthetic and 21 real life event logs using artificial anomalies. BINet reached an average \(F_1\) score over all detection levels of 0.83, whereas the next best approach, a denoising autoencoder, reached only 0.74. This \(F_1\) score is calculated over two different levels of detection, namely case and attribute level. BINet reached 0.84 on case and 0.82 on attribute level, whereas the next best approach reached 0.78 and 0.71 respectively.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    https://github.com/tnolle/binet.

  2. 2.

    http://www.win.tue.nl/bpi/doku.php?id=2012:challenge.

  3. 3.

    http://www.win.tue.nl/bpi/doku.php?id=2013:challenge.

  4. 4.

    http://www.win.tue.nl/bpi/doku.php?id=2015:challenge.

  5. 5.

    http://www.win.tue.nl/bpi/doku.php?id=2017:challenge.

  6. 6.

    https://tensorflow.org.

  7. 7.

    http://numpy.org.

  8. 8.

    http://scikit-learn.org.

References

  1. van der Aalst, W.M.P.: Process Mining: Data Science in Action. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49851-4

    Book  Google Scholar 

  2. Bezerra, F., Wainer, J.: Anomaly detection algorithms in logs of process aware systems. In: Proceedings of the 2008 ACM Symposium on Applied Computing, pp. 951–952. ACM (2008)

    Google Scholar 

  3. Bezerra, F., Wainer, J.: Algorithms for anomaly detection of traces in logs of process aware information systems. Inf. Syst. 38(1), 33–44 (2013)

    Article  Google Scholar 

  4. Bezerra, F., Wainer, J., van der Aalst, W.M.P.: Anomaly detection using process mining. In: Halpin, T., et al. (eds.) BPMDS/EMMSAD -2009. LNBIP, vol. 29, pp. 149–161. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01862-6_13

    Chapter  Google Scholar 

  5. Böhmer, K., Rinderle-Ma, S.: Multi-perspective anomaly detection in business process execution events. In: Debruyne, C., et al. (eds.) Move to Meaningful Internet Systems. LNCS, pp. 80–98. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48472-3_5

    Chapter  Google Scholar 

  6. Burattin, A.: PLG2: multiperspective processes randomization and simulation for online and offline settings. arXiv:1506.08415 (2015)

  7. Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection for discrete sequences: a survey. IEEE Trans. Knowl. Data Eng. 24(5), 823–839 (2012)

    Article  Google Scholar 

  8. Cho, K., et al.: Learning phrase representations using RNN encoder-decoder for statistical machine translation. arXiv:1406.1078 (2014)

  9. Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)

    MATH  Google Scholar 

  10. Evermann, J., Rehse, J.-R., Fettke, P.: A deep learning approach for predicting process behaviour at runtime. In: Dumas, M., Fantinato, M. (eds.) BPM 2016. LNBIP, vol. 281, pp. 327–338. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58457-7_24

    Chapter  Google Scholar 

  11. Evermann, J., Rehse, J.R., Fettke, P.: Predicting process behaviour using deep learning. Decis. Support Syst. 100, 129–140 (2017)

    Article  Google Scholar 

  12. Han, J., Pei, J., Kamber, M.: Data Mining: Concepts and Techniques. Elsevier, New York City (2011)

    MATH  Google Scholar 

  13. Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)

    Article  Google Scholar 

  14. Ioffe, S., Szegedy, C.: Batch normalization: accelerating deep network training by reducing internal covariate shift. In: International Conference on Machine Learning, pp. 448–456 (2015)

    Google Scholar 

  15. Japkowicz, N.: Supervised versus unsupervised binary-learning by feedforward neural networks. Mach. Learn. 42(1), 97–122 (2001)

    Article  Google Scholar 

  16. Kingma, D., Ba, J.: Adam: a method for stochastic optimization. arXiv:1412.6980 (2014)

  17. Malhotra, P., Ramakrishnan, A., Anand, G., Vig, L., Agarwal, P., Shroff, G.: LSTM-based encoder-decoder for multi-sensor anomaly detection. arXiv:1607.00148 (2016)

  18. Marchi, E., Vesperini, F., Eyben, F., Squartini, S., Schuller, B.: A novel approach for automatic acoustic novelty detection using a denoising autoencoder with bidirectional LSTM neural networks, April 2015

    Google Scholar 

  19. Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space. arXiv:1301.3781 (2013)

  20. Nolle, T., Luettgen, S., Seeliger, A., Mühlhäuser, M.: Analyzing business process anomalies using autoencoders. arXiv:1803.01092 (2018)

    Article  MathSciNet  Google Scholar 

  21. Nolle, T., Seeliger, A., Mühlhäuser, M.: Unsupervised anomaly detection in noisy business process event logs using denoising autoencoders. In: Calders, T., Ceci, M., Malerba, D. (eds.) DS 2016. LNCS (LNAI), vol. 9956, pp. 442–456. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46307-0_28

    Chapter  Google Scholar 

  22. Pimentel, M.A.F., Clifton, D.A., Clifton, L., Tarassenko, L.: A review of novelty detection. Sig. Process. 99, 215–249 (2014)

    Article  Google Scholar 

  23. Schölkopf, B., et al.: Support vector method for novelty detection. In: NIPS. vol. 12, pp. 582–588 (1999)

    Google Scholar 

  24. Tax, N., Verenich, I., La Rosa, M., Dumas, M.: Predictive business process monitoring with LSTM neural networks. In: Dubois, E., Pohl, K. (eds.) CAiSE 2017. LNCS, vol. 10253, pp. 477–492. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59536-8_30

    Chapter  Google Scholar 

  25. Tibshirani, R., Walther, G., Hastie, T.: Estimating the number of clusters in a data set via the gap statistic. J. R. Stat. Soc.: Ser. B (Stat. Methodol.) 63(2), 411–423 (2001)

    Article  MathSciNet  Google Scholar 

  26. Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: alternative data models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, pp. 133–145. IEEE (1999)

    Google Scholar 

  27. Wen, L., van der Aalst, W.M.P., Wang, J., Sun, J.: Mining process models with non-free-choice constructs. Data Min. Knowl. Disc. 15(2), 145–180 (2007)

    Article  MathSciNet  Google Scholar 

  28. Wressnegger, C., Schwenk, G., Arp, D., Rieck, K.: A close look on n-grams in intrusion detection: Anomaly detection vs. classification. In: Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, pp. 67–76. AISec 2013. ACM (2013)

    Google Scholar 

Download references

Acknowledgements

This project [522/17-04] is funded in the framework of Hessen ModellProjekte, financed with funds of LOEWE, Förderlinie 3: KMU-Verbundvorhaben (State Offensive for the Development of Scientific and Economic Excellence), and by the German Federal Ministry of Education and Research (BMBF) Software Campus project “AI-PM” [01IS17050].

Author information

Authors and Affiliations

  1. Telecooperation Lab, Technische Universität Darmstadt, Darmstadt, Germany

    Timo Nolle, Alexander Seeliger & Max Mühlhäuser

Authors
  1. Timo Nolle
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexander Seeliger
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Max Mühlhäuser
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Timo Nolle .

Editor information

Editors and Affiliations

  1. Hasso-Plattner-Institute, University of Potsdam, Potsdam, Germany

    Mathias Weske

  2. Free University of Bozen Bolzano, Bolzano, Italy

    Marco Montali

  3. Data61, CSIRO, Eveleigh, NSW, Australia

    Ingo Weber

  4. University of Liechtenstein, Vaduz, Liechtenstein

    Jan vom Brocke

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Nolle, T., Seeliger, A., Mühlhäuser, M. (2018). BINet: Multivariate Business Process Anomaly Detection Using Deep Learning. In: Weske, M., Montali, M., Weber, I., vom Brocke, J. (eds) Business Process Management. BPM 2018. Lecture Notes in Computer Science(), vol 11080. Springer, Cham. https://doi.org/10.1007/978-3-319-98648-7_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-98648-7_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98647-0

  • Online ISBN: 978-3-319-98648-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation