Computer Integrated Manufacturing System, 2025, Vol. 31, Issue (5): 1672-1683. DOI: 10.13196/j.cims.2024.BPM17

Business process anomaly detection combining data flow and control flow drift discovery

SUN Jinyong1, XU Qian1+, WEN Lijie2, DENG Wenwei1, MA Ruiyang1

  1. Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology
  2. School of Software, Tsinghua University
  • Online: 2025-05-31 Published: 2025-06-06
  • Supported by:
    Project supported by the National Natural Science Foundation, China (No. 61862016, 61961007, 62006058), the Natural Science Foundation of the Guangxi Zhuang Autonomous Region, China (No. 2019GXNSFBA245049), and the Guangxi Key Laboratory of Trusted Software, China (No. KX202205).

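  • About the authors:
    SUN Jinyong (1978-), male, born in Zaozhuang, Shandong, associate professor, Ph.D.; research interests: business process management, machine learning. E-mail: sunjy@guet.edu.cn;

    +XU Qian (1998-), male, born in Kaifeng, Henan, master's student; research interests: business process management, deep learning; corresponding author. E-mail: 1398039775@qq.com;

    WEN Lijie (1977-), male, born in Tangshan, Hebei, associate professor, Ph.D.; research interests: workflow technology, process data management;

    DENG Wenwei (1996-), male, born in Shaoyang, Hunan, master's student; research interests: business process management, machine learning;

    MA Ruiyang (1998-), male, born in Guigang, Guangxi, master's student; research interest: business process management.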

Abstract: Existing methods for business process anomaly detection cannot discover data flow drift that may occur in the business process model, and they classify reasonable data flow drift cases as abnormal cases, which reduces the accuracy of anomaly detection. A method for business process anomaly detection that combines data flow and control flow drift discovery was therefore proposed. First, the event names (control flow) in the event log were treated in the same way as the other event attributes (data flow), and one-hot encoding was used to encode them uniformly to obtain a case feature dataset. Then, an event attribute prediction model was built to obtain the probability distribution of all possible events and their attributes for the next event in a business process instance. Next, this probability distribution was converted into anomaly scores to obtain a candidate anomaly case set. After that, a double-layer sliding window mechanism based on Hoeffding's inequality, together with the concept drift ratio, was used to identify the data flow and control flow drift cases in the candidate anomaly case set, and the real anomaly cases were thereby obtained. Finally, a cyclic update strategy was adopted in which the obtained drift case set was used as new knowledge to update the event attribute prediction model, making the proposed method more accurate when detecting true business process anomalies. The simulation experiment results showed that, compared with existing methods for business process anomaly detection, the proposed method could accurately detect data flow drift in event logs and achieve high anomaly detection accuracy for event logs containing data flow and control flow concept drifts.

Key words: business process anomaly detection, data flow drift, event attributes, concept drift ratio, model update
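
Added example, not code from the paper: a simplified single-layer illustration of separating drift cases from real anomalies within a candidate anomaly case set by using a Hoeffding bound. The ADWIN-style threshold, the per-case (event name, attribute value) signatures, the window sizes, `delta` and the sample data are assumptions constructed here; the paper's double-layer window and concept drift ratio are not reproduced.

```python
import math
from collections import Counter

def hoeffding_eps(n_ref, n_new, delta):
    """ADWIN-style Hoeffding threshold for the gap between two window means in [0, 1]."""
    m = 1.0 / (1.0 / n_ref + 1.0 / n_new)  # harmonic-style effective sample size
    return math.sqrt(math.log(4.0 / delta) / (2.0 * m))

def split_candidates(ref_window, new_window, candidate_idx, delta=0.05):
    """Split candidate anomaly cases into drift cases and real anomalies.

    ref_window / new_window: one (event name, attribute value) signature per case
    (hypothetical summary of what made the case score as anomalous).
    candidate_idx: positions in new_window flagged as candidate anomalies.
    A signature whose relative frequency rose by more than eps between the
    windows is treated as new normal behaviour (drift), otherwise as anomalous.
    """
    eps = hoeffding_eps(len(ref_window), len(new_window), delta)
    ref_freq, new_freq = Counter(ref_window), Counter(new_window)
    drift, anomalies = [], []
    for i in candidate_idx:
        sig = new_window[i]
        rise = new_freq[sig] / len(new_window) - ref_freq[sig] / len(ref_window)
        (drift if rise > eps else anomalies).append(i)
    return drift, anomalies, eps

# Constructed sample: the attribute value "role=team_lead" becomes common in the
# recent window (data flow drift), while "role=intern" stays rare (anomaly).
REF = [("Approve", "role=manager")] * 200
NEW = ([("Approve", "role=manager")] * 120
       + [("Approve", "role=team_lead")] * 75
       + [("Approve", "role=intern")] * 5)
_SEEN = set(REF)
# Assumption: the prediction model flags every case with an unseen signature.
CANDIDATES = [i for i, sig in enumerate(NEW) if sig not in _SEEN]

if __name__ == "__main__":
    drift, anomalies, eps = split_candidates(REF, NEW, CANDIDATES)
    print(f"eps={eps:.3f} drift cases={len(drift)} real anomalies={len(anomalies)}")
```

In a cyclic update as the abstract describes, the drift cases would then be fed back as training data so the same signatures stop scoring as anomalous.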

