Subgraph Mining for Anomalous Pattern Discovery in Event Logs

Conformance checking allows organizations to verify whether their IT system complies with the prescribed behavior by comparing process executions recorded by the IT system against a process model (representing the normative behavior). However, most of the existing techniques are only able to identify low-level deviations, which provide a scarce support to investigate what actually happened when a process execution deviates from the specification. In this work, we introduce an approach to extract recurrent deviations from historical logging data and generate anomalous patterns representing high-level deviations. These patterns provide analysts with a valuable aid for investigating nonconforming behaviors; moreover, they can be exploited to detect high-level deviations during conformance checking. To identify anomalous behaviors from historical logging data, we apply frequent subgraph mining techniques together with an ad-hoc conformance checking technique. Anomalous patterns are then derived by applying frequent items algorithms to determine highly-correlated deviations, among which ordering relations are inferred. The approach has been validated by means of a set of experiments

Measuring privacy compliance using fitness metrics

Nowadays, repurposing of personal data is a major privacy issue. Detection of data repurposing requires posteriori mechanisms able to determine how data have been processed. However, current a posteriori solutions for privacy compliance are often manual, leading infringements to remain undetected. In this paper, we propose a privacy compliance technique for detecting privacy infringements and measuring their severity. The approach quantifies infringements by considering a number of deviations from specifications (i.e., insertion, suppression, replacement, and re-ordering)

Measuring privacy compliance with process specifications

Enforcement relies on the idea that infringements are violations and as such should not be allowed. However, this notion is very restrictive and cannot be applied in unpredictable domains like healthcare. To address this issue, we need conformance metrics for detecting and quantifying infringements of policies and procedures. However, existing metrics usually consider every deviation from specifications equally making them inadequate to measure the severity of infringements. In this paper, we identify a number of factors which can be used to quantify deviations from process specifications. These factors drive the definition of metrics that allow for a more accurate measurement of privacy infringements. We demonstrate how the proposed approach can be adopted to enhance existing conformance metrics through a case study on the provisioning of healthcare treatment

System Abuse by Service Composition: Analysis and Prevention

We know that several chemicals can be combined to form explosives. Therefore, we do not want these to end up in airplanes together. Similarly, in the architecture of complex systems, it is often possible to combine the results of several system services to acquire illegitimate benefits or disrupt operation. For example, in what is called simboxing, telephone services are purchased from different providers, and a composite service is set up which redirects incoming calls to the service purchased from the target provider, bypassing interconnection fees. Due to their complex nature, such attacks are extremely hard to predict and prevent. This paper provides a first systematic description and classification of the phenomenon of system abuse by service composition, as well as an analysis to identify the most common types of attacks in the design phase. We employ attack trees to express ways to achieve the goal of obtaining a service at a cost lower than the regular amount charged. We use the purchase of railway tickets as a running example, where the atomic services are the rights to travel between two directly adjacent stations. These can potentially be composed in various ways to travel cheaper, for example where there are stations A, B, and C on a railway line, and a single ticket from B to A via C is cheaper than a return ticket from B to C. Our method provides the foundations for systematically discovering such issues.Infrastructures, Systems and ServicesTechnology, Policy and Managemen

Subgraph mining for anomalous pattern discovery in event logs

Conformance checking allows organizations to verify whether their IT system complies with the prescribed behavior by comparing process executions recorded by the IT system against a process model (representing the normative behavior). However, most of the existing techniques are only able to identify low-level deviations, which provide a scarce support to investigate what actually happened when a process execution deviates from the specification. In this work, we introduce an approach to extract recurrent deviations from historical logging data and generate anomalous patterns representing high-level deviations. These patterns provide analysts with a valuable aid for investigating nonconforming behaviors; moreover, they can be exploited to detect high-level deviations during conformance checking. To identify anomalous behaviors from historical logging data, we apply frequent subgraph mining techniques together with an ad-hoc conformance checking technique. Anomalous patterns are then derived by applying frequent items algorithms to determine highly-correlated deviations, among which ordering relations are inferred. The approach has been validated by means of a set of experiments

Association of TLR4 Rs4986791 Polymorphism and TLR9 Haplotypes with Acute Myeloid Leukemia Susceptibility: A Case-Control Study of Adult Patients

Toll-like receptors (TLRs) have an important role in innate immunity, and single nucleotide polymorphisms (SNPs) of TLR genes influence the risk of developing hematological malignancies. We aimed to evaluate the effect of TLR2 (rs5743708), TLR4 (rs11536889, rs4986790, rs4986791), TLR9 (rs187084, rs352140, rs5743836) on AML risk, the relation between investigated SNPs and somatic mutations, clinical features, and the overall survival of adult AML patients. All mentioned SNPs were genotyped in 511 AML cases and 503 healthy controls. DNMT3A (R882), FLT3 (D835, ITD), and NPM1 mutations’ status were investigated in AML patients. TLR4 rs4986791 was associated with an increased risk of AML under the dominant model (OR = 1.61, 95% CI: 1.001–2.59). Variant genotypes of the TLR4 rs4986790 or rs4986791 were associated with the odds of developing AML in the codominant model (OR = 3.14; 95% CI: 1.12–8.84; p = 0.032). The TLR9 rs5743836 variant genotype was associated with the NPM1 mutation (p = 0.002). The investigated SNPs were not associated with the DNMT3A, FLT3 mutations and had no significant contribution to the hazard of death after adjusting for covariates. Our findings suggest that TLR4 rs4986791 is associated with AML susceptibility. The combined variant genotypes of TLR4 rs4986790 and rs4986791 increase AML risk, the TLR9 C-G-A haplotype may represent a promising approach to predict a person’s risk for developing AML

Safety and efficacy of prothrombin complex concentrate as first-line treatment in bleeding after cardiac surgery

BACKGROUND: Bleeding after cardiac surgery requiring surgical reexploration and blood component transfusion is associated with increased morbidity and mortality. Although prothrombin complex concentrate (PCC) has been used satisfactorily in bleeding disorders, studies on its efficacy and safety after cardiopulmonary bypass are limited. METHODS: Between January 2005 and December 2013, 3454 consecutive cardiac surgery patients were included in an observational study aimed at investigating the efficacy and safety of PCC as first-line coagulopathy treatment as a replacement for fresh frozen plasma (FFP). Starting in January 2012, PCC was introduced as solely first-line treatment for bleeding following cardiac surgery. RESULTS: After one-to-one propensity score-matched analysis, 225 pairs of patients receiving PCC (median dose 1500 IU) and FFP (median dose 2 U) were included. The use of PCC was associated with significantly decreased 24-h post-operative blood loss (836 ± 1226 vs. 935 ± 583 ml, p < 0.0001). Propensity score-adjusted multivariate analysis showed that PCC was associated with significantly lower risk of red blood cell (RBC) transfusions (odds ratio [OR] 0.50; 95 % confidence interval [CI] 0.31-0.80), decreased amount of RBC units (β unstandardised coefficient -1.42, 95 % CI -2.06 to -0.77) and decreased risk of transfusion of more than 2 RBC units (OR 0.53, 95 % CI 0.38-0.73). Patients receiving PCC had an increased risk of post-operative acute kidney injury (AKI) (OR 1.44, 95 % CI 1.02-2.05) and renal replacement therapy (OR 3.35, 95 % CI 1.13-9.90). Hospital mortality was unaffected by PCC (OR 1.51, 95 % CI 0.84-2.72). CONCLUSIONS: In the cardiac surgery setting, the use of PCC compared with FFP was associated with decreased post-operative blood loss and RBC transfusion requirements. However, PCC administration may be associated with a higher risk of post-operative AKI

PERSONA : a personalized data protection framework

The European Directive on Data Protection recognizes the right of data subjects to control the usage of their information. However, to date there are no data protection solutions that involve data subjects in the definition and enforcement of data protection policies. In this paper we present the foundation of a novel approach to personalized data protection in which users play a central role in the authoring and enforcement of the policies governing the access and usage to their data. We discuss the challenges of designing a personalized data protection framework using personalized medicine as an illustrative scenario