3,316 research outputs found
All That Glitters Is Not Gold: Towards Process Discovery Techniques with Guarantees
The aim of a process discovery algorithm is to construct from event data a
process model that describes the underlying, real-world process well.
Intuitively, the better the quality of the event data, the better the quality
of the model that is discovered. However, existing process discovery algorithms
do not guarantee this relationship. We demonstrate this by using a range of
quality measures for both event data and discovered process models. This paper
is a call to the community of IS engineers to complement their process
discovery algorithms with properties that relate qualities of their inputs to
those of their outputs. To this end, we distinguish four incremental stages for
the development of such algorithms, along with concrete guidelines for the
formulation of relevant properties and experimental validation. We will also
use these stages to reflect on the state of the art, which shows the need to
move forward in our thinking about algorithmic process discovery.Comment: 13 pages, 4 figures. Submitted to the International Conference on
Advanced Information Systems Engineering, 202
Leveraging artificial intelligence for business process management (extended abstract) : A contribution to reference model mining, predictive process monitoring, and process discovery
Artificial intelligence for business process managmen
Recommended from our members
What's in a name? the UK newspapers' fabrication and commodification of Foxy Knoxy
This chapter analyses how, immediately after the arrest of Amanda Knox, the UK’s national press played a pivotal role in transforming the American student into ‘Foxy Knoxy’, the duplicitous, psychologically disturbed femme fatale who orchestrated and participated in the sexually motivated murder of her flatmate, Meredith Kercher. This case exemplifies what happens when UK reporting restrictions do not apply, leaving journalists free to employ imaginative practices to create the infotainment spectacle that ‘Foxy Knoxy’ became and to ignore her legal right to a presumption of innocence. It is also the first example of journalists mining suspects’ social media sites and re-contextualising their text and images to provide ‘evidential’ sources of a guilty persona
A systematic survey of online data mining technology intended for law enforcement
As an increasing amount of crime takes on a digital aspect, law enforcement bodies must tackle an online environment generating huge volumes of data. With manual inspections becoming increasingly infeasible, law enforcement bodies are optimising online investigations through data-mining technologies. Such technologies must be well designed and rigorously grounded, yet no survey of the online data-mining literature exists which examines their techniques, applications and rigour. This article remedies this gap through a systematic mapping study describing online data-mining literature which visibly targets law enforcement applications, using evidence-based practices in survey making to produce a replicable analysis which can be methodologically examined for deficiencies
A pro-active approach to curb asset theft at a South African mine
The South African mining industry has not been shielded from the criminal threat the
country faces. In this case study, the nature and extent of asset theft at one of the
largest mining companies in South Africa is analysed. The crime prevention strategy
adopted by the mine to curb asset theft was studied over a period of five years. This
involved a survey of the views of the security managers on the effectiveness of the
strategy implemented by the mine. Against the background of the South African
Government’s broad description of the crime prevention approach adopted by the
country, the researcher explored whether it would be practicable to implement an
integrated crime prevention strategy – encompassing situational, social and law
enforcement crime prevention approaches on primary, secondary and tertiary level – at
the participating mine in order to curb asset theft.Police PracticeM. Tech. (Policing
A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP)
The insider threat problem is extremely challenging to address, as it is committed by insiders who are
trusted and authorized to access the information resources of the organization. The problem is further
complicated by the multifaceted nature of insiders, as human beings have various motivations and
fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders.
Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This
research presents a novel insider threat prevention and prediction model, combining several approaches,
techniques and tools from the fields of computer science and criminology. The model is a Privacy-
Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is
predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements
present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive),
opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious
employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals
tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards
maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the
elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud
Diamond similar to crimes committed within the physical landscape.
The model intends to act within context, which implies that when the model offers predictions about threats,
it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information
about insiders for the purposes of prediction, there is a need to collect current information, as the motives
and behaviours of humans are transient. Context-aware systems are used in the model to collect current
information about insiders related to motive and ability as well as to determine whether insiders exploit any
opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any
rationalizations the insider may have via neutralization mitigation, thus preventing the insider from
committing a future crime. However, the model collects private information and involves entrapment that
will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel
they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this
thesis argues that an insider prediction model must be privacy-preserving in order to prevent further
cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from
being tempted to commit a crime in future.
The model involves four major components: context awareness, opportunity facilitation, neutralization
mitigation and privacy preservation. The model implements a context analyser to collect information related
to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan.
The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes
and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs
keystroke and linguistic features based on typing patterns to collect information about any change in an
insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime.
Research demonstrates that most of the insiders who have committed a crime have experienced a negative
emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers
without their consent or denial of a wage increase. However, there may also be personal problems such as a
divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who
may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the
change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those
individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model
also assesses the capability of insiders to commit a planned attack based on their usage of computer
applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and
skill as well as assessing the number of systems errors and warnings generated while using the applications.
The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a
motivated and capable insider will exploit any opportunity in the organization involving a criminal act.
Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an
implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of
nullifying the rationalizations that the insider may have had for committing the crime. All information about
insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders.
The model also intends to identify any new behaviour that may result during the course of implementation.
This research contributes to existing scientific knowledge in the insider threat domain and can be used as a
point of departure for future researchers in the area. Organizations could use the model as a framework to
design and develop a comprehensive security solution for insider threat problems. The model concept can
also be integrated into existing information security systems that address the insider threat problemInformation ScienceD. Phil. (Information Systems
- …