
A Systematic Review of Anomaly Detection for Business Process Event Logs

  • State of the Art
Business & Information Systems Engineering

Abstract

While a business process is most often executed following a normal path, anomalies may sometimes arise and can be captured in event logs. Event log anomalies stem, for instance, from system malfunctions or unexpected behavior of human resources involved in a process. To identify and possibly fix these, anomaly detection has recently emerged as a key discipline in process mining. In the paper, the authors present a systematic review of the literature on business process event log anomaly detection. The review aims to systematically select studies in the literature that have tackled event log anomaly detection, to classify existing approaches based on criteria emerging from previous literature reviews, and to identify research directions in this field that have not been explored extensively. Based on the results of the review, the authors argue that future research should look more specifically into anomaly detection on event streams, extending the number of event log attributes considered to determine anomalies, and producing more standard labeled datasets to benchmark the techniques proposed.

Notes

  1. The BPIC event logs are available at

    (i) BPIC2012: https://doi.org/10.4121/uuid:3926db30-f712-4394-aebc-75976070e91f,

    (ii) BPIC2013: https://doi.org/10.4121/uuid:a7ce5c55-03a7-4583-b855-98b86e1a2b07,

    (iii) BPIC2015: https://doi.org/10.4121/uuid:31a308ef-c844-48da-948c-305d167a0ec1,

    (iv) BPIC2017: https://doi.org/10.4121/uuid:3926db30-f712-4394-aebc-75976070e91f,

    and (v) BPIC2018: https://doi.org/10.4121/uuid:3301445f-95e8-4ff0-98a4-901f1f204972.

  2. Available at https://doi.org/10.4121/uuid:0c60edf1-6f83-4e75-9367-4c63b3e9d5bb.

  3. Available at https://doi.org/10.4121/uuid:76c46b83-c930-4798-a1c9-4be94dfeb741.

  4. Available at https://www.cs.unm.edu/~immsec/data/live-lpr.html.

  5. Available at https://www.bugzilla.org/.

Corresponding author

Correspondence to Marco Comuzzi.

Additional information

Accepted after 2 revisions by Hajo Reijers.

Cite this article

Ko, J., Comuzzi, M. A Systematic Review of Anomaly Detection for Business Process Event Logs. Bus Inf Syst Eng 65, 441–462 (2023). https://doi.org/10.1007/s12599-023-00794-y

  • DOI: https://doi.org/10.1007/s12599-023-00794-y
