Kernel Based Sequential Data Anomaly Detection in Business Process Event Logs
This addresses anomaly detection for business process management, with applications like fraud detection, but is incremental as it adapts existing kernel methods to a specific domain.
The paper tackles anomaly detection in business process event logs by modeling them as sequential data and applying kernel-based techniques, demonstrating effectiveness on a real-world incident management dataset.
Business Process Management Systems (BPMS) log events and traces of activities during the execution of a process. Anomalies are defined as deviation or departure from the normal or common order. Anomaly detection in business process logs has several applications such as fraud detection and understanding the causes of process errors. In this paper, we present a novel approach for anomaly detection in business process logs. We model the event logs as a sequential data and apply kernel based anomaly detection techniques to identify outliers and discordant observations. Our technique is unsupervised (does not require a pre-annotated training dataset), employs kNN (k-nearest neighbor) kernel based technique and normalized longest common subsequence (LCS) similarity measure. We conduct experiments on a recent, large and real-world incident management data of an enterprise and demonstrate that our approach is effective.