Method for Detecting Anomalous States of a Control Object in Information Systems Based on the Analysis of Temporal Data and Knowledge

The problem of finding the anomalous states of the control object in the management information system under conditions of uncertainty caused by the incompleteness of knowledge about this object is considered. The method of classifying the current state of the control object in real time, allowing to identify the current anomalous state. The method uses temporal data and knowledge. Data is represented by sequences of events with timestamps. Knowledge is represented as weighted temporal rules and constraints. The method includes the following key phases: the formation of sequences of logical facts; selection of temporal rules and constraints; classification based on a comparison of rules and constraints. Logical facts are represented as predicates on event attributes and reflect the state of the control object. Logical rules define valid sequences of logical facts. Performing a classification by successive comparisons of constraints and weights of the rules makes it possible to more effectively identify the anomalous state since the comparison of the constraints reduces the subset of facts comparing to the current state. The method creates conditions for improving management efficiency in the context of incomplete information on the state of a complex object by using logical inference in knowledge bases for anomalous states of such control objects

Method For Detecting Shilling Attacks In E-commerce Systems Using Weighted Temporal Rules

The problem of shilling attacks detecting in e-commerce systems is considered. The purpose of such attacks is to artificially change the rating of individual goods or services by users in order to increase their sales. A method for detecting shilling attacks based on a comparison of weighted temporal rules for the processes of selecting objects with explicit and implicit feedback from users is proposed. Implicit dependencies are specified through the purchase of goods and services. Explicit feedback is formed through the ratings of these products. The temporal rules are used to describe hidden relationships between the choices of user groups at two consecutive time intervals. The method includes the construction of temporal rules for explicit and implicit feedback, their comparison, as well as the formation of an ordered subset of temporal rules that capture potential shilling attacks. The method imposes restrictions on the input data on sales and ratings, which must be ordered by time or have timestamps. This method can be used in combination with other approaches to detecting shilling attacks. Integration of approaches allows to refine and supplement the existing attack patterns, taking into account the latest changes in user priorities

Development of a Method for the Probabilistic Inference of Sequences of a Business Process Activities to Support the Business Process Management

Models of temporal rules of execution of the business process actions were proposed for the use in absence in the process model of complete information on the reasons for execution of these actions caused by interference of the work executors. The rules are formed on the basis of analysis of the sequence of events in the business process log which makes it possible to determine temporal conditions and constraints on execution of the corresponding actions. The rule models can be applied as an element of knowledge representation for the process management system since they reflect experience of the business process execution recorded in the log. The use of rules allows one to limit the number of possible versions of execution of the business process taking into account its current state. As a result, the time of making decisions on the process management is reduced for the case of contradiction between the current version of the business process and the model.A new method of probabilistic inference was proposed that uses the presented rules to form new, admissible sequences of actions in an atypical situation that arose as a result of adjustment of the business process by its executors. The method applies knowledge representations based on the Markov logic network which makes it possible to arrange new sequences of actions according to the probability of their execution using weighed temporal rules. Use of a combination of rules for pairs of sequential and spaced in time actions ensures higher accuracy of calculating the probability of execution of new business process versions. The proposed method takes into account information from the event log when rules are supplemented. This enables continuous supplementing of rules in execution of the business process. The above enables practical real­time application of the method in automated formation and expansion of knowledge bases for the process management systems