Differences

This shows you the differences between two versions of the page.

--- processmining [2017/10/19 18:03] – zannonen
+++ processmining [2021/03/05 16:13] (current) – external edit 127.0.0.1
@@ Line 6: / Line 6: @@
 The Security group mainly focus on extending and developing techniques that exploit process-related data for auditing user behavior. Our main contributions include:
-**History-based conformance checking:** There may exist a number of explanations why a process execution is not conforming. In these works, we discuss how probable explanations for non-conformity between a process execution and a process model can be constructed and how they can be ranked with respect to their criticality.
+{{ http://security1.win.tue.nl/images/prom.png?200}}
+**History-based conformance checking:** There may exist a number of explanations why a process execution is not conforming.
+Alignment-based conformance checking techniques pinpoint the deviations causing nonconformity based on a cost
+function. However, such a cost function is often manually defined on the basis of human judgment and thus error-prone, leading to alignments that do not provide the most probable explanations of nonconformity.
+We have proposed an approach to automatically define the cost function
+based on information extracted from the past process executions.
+In particular, we have investigated discuss how probable explanations for non-conformity between a process execution and a process model can be constructed and how they can be ranked with respect to their criticality. \\
+\\
-{{http://security1.win.tue.nl/images/esub1.png?100}}
-**Discovering frequent anomalous patterns:** Classic conformance checking techniques derive low-level deviations occurred in every single process execution. However, an analysts may have more interest in knowing diagnostics at a higher-level of granularity. In this work, we focus on providing the analyst with a “deviations dashboard”, reporting analytics and interesting trends regarding the occurred deviations. More precisely, we extract anomalous frequent patterns representing recurrent deviations from historical logging data. These patterns describe portion of process executions involving recurrent deviant behaviors which tend to occur together, thus providing the analyst with valuable insights about deviations in past process execution.
+{{ http://security1.win.tue.nl/images/esub1.png?310}}
+**Discovering frequent anomalous patterns:** Classic conformance checking techniques derive low-level deviations occurred in every single process execution. However, an analysts may have more interest in knowing diagnostics at a higher-level of granularity. In this work, we focus on providing an analyst with a “deviations dashboard”, reporting analytics and interesting trends regarding the occurred deviations. More precisely, we extract anomalous frequent patterns representing recurrent deviations from historical logging data. These patterns describe portion of process executions involving recurrent deviant behaviors which tend to occur together, thus providing the analyst with valuable insights about deviations in past process execution.  \\
+\\
+{{ http://security1.win.tue.nl/images/inter-level-alignments.png?280}}
-**Linking data and process perspectives for deviation analysis:** Analyzing user behavior from process or data perspectives independently, may not be sufficient to expose illegitimate data accesses. Thus, infringements may remain undetected or diagnosed incorrectly. In this work, we analyze user behavior with respect to both data and process perspectives.
+**Linking data and process perspectives for deviation analysis:** The detection of data breaches has become a major challenge for most organizations.
+The problem lies in that fact that organizations often lack proper mechanisms to control
+and monitor users’ activities and their data usage. Although several auditing approaches
+have been proposed to assess the compliance of actual executed behavior, existing
+approaches focus on either checking data accesses against security policies (data
+perspective) or checking user activities against the activities needed to conduct business
+processes (process perspective). Analyzing user behavior from these perspectives
+independently may not be sufficient to expose security incidents. We have studied how analyze user behavior with respect to both data and process perspectives.
 == References: ==
-  - Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach. SSCI 2015: 1358-1365
+  - Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach. SSCI 2015: 1358-1365 [[http://zannone.win.tue.nl/publication/ALIZ-deLE-ZANN-15-CIDM.pdf|PDF]]
-  - Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: History-Based Construction of Alignments for Conformance Checking: Formalization and Implementation. SIMPDA (Revised Selected Papers) 2014: 58-78
+  - Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: History-Based Construction of Alignments for Conformance Checking: Formalization and Implementation. SIMPDA (Revised Selected Papers) 2014: 58-78 [[http://zannone.win.tue.nl/publication/ALIZ-deLE-ZANN-14-SIMPDA-PostProc.pdf|PDF]]
-  - Mahdi Alizadeh and Nicola Zannone. Risk-based analysis of business process executions. In Proceedings of ACM Conference on Data and Application Security and Privacy, pages 130–132. ACM, 2016.
+  - Mahdi Alizadeh and Nicola Zannone. Risk-based analysis of business process executions. In Proceedings of ACM Conference on Data and Application Security and Privacy, pages 130–132. ACM, 2016. [[http://zannone.win.tue.nl/publication/ALIZ-ZANN-16-CODASPY.pdf|PDF]]
-  - Laura Genga, Domenico Potena, Orazio Martino, Mahdi Alizadeh, Claudia Diamantini, Nicola Zannone: Subgraph Mining for Anomalous Pattern Discovery in Event Logs. NFMCP@PKDD/ECML 2016: 181-197
+  - Laura Genga, Domenico Potena, Orazio Martino, Mahdi Alizadeh, Claudia Diamantini, Nicola Zannone: Subgraph Mining for Anomalous Pattern Discovery in Event Logs. NFMCP@PKDD/ECML 2016: 181-197 [[http://zannone.win.tue.nl/publication/GENG-POTE-MART-ALIZ-DIAM-ZANN-16-NFmcp.pdf|PDF]]
-  - Laura Genga, Mahdi Alizadeh, Domenico Potena, Claudia Diamantini, and Nicola Zannone. Discovering Anomalous Frequent Pattern From Partially Ordered Event Logs.
+  - Laura Genga, Mahdi Alizadeh, Domenico Potena, Claudia Diamantini, Nicola Zannone: APD tool: Mining Anomalous Patterns from Event Logs. BPM (Demos) 2017 [[http://ceur-ws.org/Vol-1920/BPM_2017_paper_186.pdf|PDF]]
-  - Laura Genga, Mahdi Alizadeh, Domenico Potena, Claudia Diamantini, Nicola Zannone: APD tool: Mining Anomalous Patterns from Event Logs. BPM (Demos) 2017
+  - Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Privacy Analysis of User Behavior Using Alignments. it - Information Technology 55(6): 255-260 (2013) [[http://zannone.win.tue.nl/publication/ADRI-BOUD-ZANN-13-IT.pdf|PDF]]
-  - Mahdi Alizadeh, Xixi Lu, Dirk Fahland, Nicola Zannone, Wil M. P. van der Aalst. Linking Data and Process Perspectives for Deviation Analysis
+  - Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Controlling Break-the-Glass through Alignment. SocialCom 2013: 606-611 [[http://zannone.win.tue.nl/publication/ADRI-BOUD-ZANN-13-PASSAT.pdf|PDF]]
-  - Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Privacy Analysis of User Behavior Using Alignments. it - Information Technology 55(6): 255-260 (2013)
+  - Sebastian Banescu, Milan Petkovic, Nicola Zannone: Measuring Privacy Compliance Using Fitness Metrics. BPM 2012: 114-119 [[http://zannone.win.tue.nl/publication/BANE-PETK-ZANN-12-BPM.pdf|PDF]]
-  - Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Controlling Break-the-Glass through Alignment. SocialCom 2013: 606-611
-  - Sebastian Banescu, Milan Petkovic, Nicola Zannone: Measuring Privacy Compliance Using Fitness Metrics. BPM 2012: 114-119