On the use of hierarchical subtrace mining for efficient local process model mining

Mining local patterns of process behavior is a vital tool for the analysis of event data that originates from flexible processes, for which it is generally not possible to describe the behavior of the process in a single process model without overgeneralizing the behavior allowed by the process. Several techniques for mining such local patterns have been developed throughout the years, including Local Process Model (LPM) mining and the hierarchical mining of frequent subtraces (i.e., subprocesses). These two techniques can be considered to be orthogonal, i.e., they provide different types of insights on the behavior observed in an event log. As a consequence, it is often useful to apply both techniques to the data. However, both techniques can be computationally intensive, hindering data analysis. In this work, we explore how the output of a subtrace mining approach can be used to mine LPMs more efficiently. We show on a collection of real-life event logs that exploiting the ordering constraints extracted from subtraces lowers the computation time needed for LPM mining compared to state-of-the-art techniques, while at the same time mining higher quality LPMs. Additionally, by mining LPMs from subtraces, we can obtain a more structured and meaningful representation of subprocesses allowing for classic process-flow constructs such as parallel ordering, choices, and loops, besides the precedence relations shown by subtraces.</p

Mitigating Privilege Misuse in Access Control through Anomaly Detection

Access control is a fundamental component of IT systems to guarantee the confidentiality and integrity of sensitive resources. However, access control systems have inherent limitations: once permissions have been assigned to users, access control systems do not provide any means to prevent users from misusing such permissions. The problem of privilege misuse is typically addressed by employing auditing mechanisms, which verify users' activities a posteriori. However, auditing does not allow for the timely detection and mitigation of privilege misuse. In this work, we propose a framework that complements access control with anomaly detection for the run-time monitoring of access requests and raises an alert when a user diverges from her normal access behavior. To detect anomalous access requests, we propose a novel approach to build user profiles by eliciting patterns of typical access behavior from historical access data. We evaluated our framework using the access log of a hospital. The results show that our framework has very few false positives and can detect several attack scenarios

Towards a systematic process-aware behavioral analysis for security

\u3cp\u3eNowadays, security is a key concern for organizations. An increasingly popular solution to enhance security in organizational settings is the adoption of anomaly detection systems. These systems raise an alert when an abnormal behavior is detected, upon which proper measures have to be taken. A well-known drawback of these solutions is that the underlying detection engine is a black box, i.e., the behavioral profiles used for detections are encoded in some mathematical model that is challenging to understand for human analysts or, in some cases, is not even accessible. Therefore, anomaly detection systems often fail in supporting analysts in understanding what is happening in the system and how to respond to detected security threats. In this work, we investigate the use of process analysis techniques to build behavioral models understandable by human analysts. We also delineate a systematic methodology for process-aware behaviors analysis and discuss the findings obtained by applying such a methodology to a real-world event log.\u3c/p\u3

On the use of hierarchical subtrace mining for efficient local process model mining

Mining local patterns of process behavior is a vital tool for the analysis of event data that originates from flexible processes, for which it is generally not possible to describe the behavior of the process in a single process model without overgeneralizing the behavior allowed by the process. Several techniques for mining such local patterns have been developed throughout the years, including Local Process Model (LPM) mining and the hierarchical mining of frequent subtraces (i.e., subprocesses). These two techniques can be considered to be orthogonal, i.e., they provide different types of insights on the behavior observed in an event log. As a consequence, it is often useful to apply both techniques to the data. However, both techniques can be computationally intensive, hindering data analysis. In this work, we explore how the output of a subtrace mining approach can be used to mine LPMs more efficiently. We show on a collection of real-life event logs that exploiting the ordering constraints extracted from subtraces lowers the computation time needed for LPM mining compared to state-of-the-art techniques, while at the same time mining higher quality LPMs. Additionally, by mining LPMs from subtraces, we can obtain a more structured and meaningful representation of subprocesses allowing for classic process-flow constructs such as parallel ordering, choices, and loops, besides the precedence relations shown by subtraces.</p

Unveiling systematic biases in decisional processes:an application to discrimination discovery

\u3cp\u3eDecisional processes are at the basis of several security and privacy applications. However, they are often not transparent and can be affected by human or algorithmic biases that may lead to systematically misleading or unfair outcomes. To unveil these biases, one has to identify which information was used to make the decision and to quantify to what extent such information has influenced the process outcome. Two classes of techniques are widely used to determine possible correlation between variables within decisional processes from observational data: (i) econometric techniques, in particular regression analysis, and (ii) knowledge discovery techniques, in particular association rules mining. However, these techniques, taken individually, have intrinsic drawbacks that limit their applicability. In thiswork, we propose an approach for unveiling biases in decisional processes, which leverages association rule mining for systematic hypothesis generation and regression analysis for model selection and recommendation extraction. We demonstrate the proposed approach in the context of discrimination detection, showing that not only it provides 'statistically significant' evidence of discrimination but it also allows for a more efficient operationalization of the recommendations extracted, upon which the decision maker can operate.\u3c/p\u3

Discovering reliable evidence of data misuse by exploiting rule redundancy

Big Data offers opportunities for in-depth data analytics and advanced personalized services. Yet, while valuable, data analytics might rely on data that should not have been used due to, e.g., privacy constraints from the data subject or regulations. As decision makers and data controllers often act outside any control mechanism and with no requirement of transparency, it is challenging to verify whether constraints on data usage are actually satisfied. In this work, we relate the problem of finding evidence of data misuse to the identification of unique decision rules, i.e. rules that have likely been used for decision making. Accordingly, we propose an approach to find reliable evidence of data misuse in the context of classification problems using association rule mining, along with novel metrics to assess the level of redundancy among decision rules. Our proposed approach is able to identify the use of sensitive information in decisional processes along with their context. We evaluated our approach through both controlled experiments and two case studies using real-life event data. The results show that our approach finds more reliable evidence of data misuse compared to previous work

Discovering reliable evidence of data misuse by exploiting rule redundancy

\u3cp\u3eBig Data offers opportunities for in-depth data analytics and advanced personalized services. Yet, while valuable, data analytics might rely on data that should not have been used due to, e.g., privacy constraints from the data subject or regulations. As decision makers and data controllers often act outside any control mechanism and with no requirement of transparency, it is challenging to verify whether constraints on data usage are actually satisfied. In this work, we relate the problem of finding evidence of data misuse to the identification of unique decision rules, i.e. rules that have likely been used for decision making. Accordingly, we propose an approach to find reliable evidence of data misuse in the context of classification problems using association rule mining, along with novel metrics to assess the level of redundancy among decision rules. Our proposed approach is able to identify the use of sensitive information in decisional processes along with their context. We evaluated our approach through both controlled experiments and two case studies using real-life event data. The results show that our approach finds more reliable evidence of data misuse compared to previous work.\u3c/p\u3

Measuring privacy compliance with process specifications

Enforcement relies on the idea that infringements are violations and as such should not be allowed. However, this notion is very restrictive and cannot be applied in unpredictable domains like healthcare. To address this issue, we need conformance metrics for detecting and quantifying infringements of policies and procedures. However, existing metrics usually consider every deviation from specifications equally making them inadequate to measure the severity of infringements. In this paper, we identify a number of factors which can be used to quantify deviations from process specifications. These factors drive the definition of metrics that allow for a more accurate measurement of privacy infringements. We demonstrate how the proposed approach can be adopted to enhance existing conformance metrics through a case study on the provisioning of healthcare treatment

On the use of hierarchical subtrace mining for efficient local process model mining

\u3cp\u3eMining local patterns of process behavior is a vital tool for the analysis of event data that originates from flexible processes, for which it is generally not possible to describe the behavior of the process in a single process model without overgeneralizing the behavior allowed by the process. Several techniques for mining such local patterns have been developed throughout the years, including Local Process Model (LPM) mining and the hierarchical mining of frequent subtraces (i.e., subprocesses). These two techniques can be considered to be orthogonal, i.e., they provide different types of insights on the behavior observed in an event log. As a consequence, it is often useful to apply both techniques to the data. However, both techniques can be computationally intensive, hindering data analysis. In this work, we explore how the output of a subtrace mining approach can be used to mine LPMs more efficiently. We show on a collection of real-life event logs that exploiting the ordering constraints extracted from subtraces lowers the computation time needed for LPM mining compared to state-of-the-art techniques, while at the same time mining higher quality LPMs. Additionally, by mining LPMs from subtraces, we can obtain a more structured and meaningful representation of subprocesses allowing for classic process-flow constructs such as parallel ordering, choices, and loops, besides the precedence relations shown by subtraces.\u3c/p\u3