Keeping our rivers clean: Information-theoretic online anomaly detection for streaming business process events. Issue 104 (February 2022)
- Record Type:
- Journal Article
- Title:
- Keeping our rivers clean: Information-theoretic online anomaly detection for streaming business process events. Issue 104 (February 2022)
- Main Title:
- Keeping our rivers clean: Information-theoretic online anomaly detection for streaming business process events
- Authors:
- Ko, Jonghyeon
Comuzzi, Marco - Abstract:
- Abstract: Event log anomaly detection aims at identifying anomalous information in the logs generated by the execution of business processes. While several techniques for detecting trace-level anomalies in event logs in offline settings, i.e., when event logs are processed as a batch, have appeared recently in the literature, such techniques are currently lacking for online settings, i.e., when events are processed as a stream. Event log anomaly detection in online settings can be crucial for discovering anomalies in process execution as soon as they occur and, consequently, allowing to take early corrective actions. Moreover, it is also crucial for creating models that can adapt to concept drift in the process generating the events. This paper describes a novel approach to event log anomaly detection in process event streams: we define a general framework in which different anomaly detection methods can be plugged in and we propose and evaluate our own method based on statistical leverage. The leverage is an information-theoretic measure that has been used extensively in statistics to identify outliers and it has been adapted in this paper to the specific scenario of event streams. The proposed approach has been evaluated on artificial and real event streams and also on artificial event streams characterised by concept drift. Highlights: A general framework for online anomaly detection. Adaptation of an information-theoretic measure (leverage) to online anomaly detection.Abstract: Event log anomaly detection aims at identifying anomalous information in the logs generated by the execution of business processes. While several techniques for detecting trace-level anomalies in event logs in offline settings, i.e., when event logs are processed as a batch, have appeared recently in the literature, such techniques are currently lacking for online settings, i.e., when events are processed as a stream. Event log anomaly detection in online settings can be crucial for discovering anomalies in process execution as soon as they occur and, consequently, allowing to take early corrective actions. Moreover, it is also crucial for creating models that can adapt to concept drift in the process generating the events. This paper describes a novel approach to event log anomaly detection in process event streams: we define a general framework in which different anomaly detection methods can be plugged in and we propose and evaluate our own method based on statistical leverage. The leverage is an information-theoretic measure that has been used extensively in statistics to identify outliers and it has been adapted in this paper to the specific scenario of event streams. The proposed approach has been evaluated on artificial and real event streams and also on artificial event streams characterised by concept drift. Highlights: A general framework for online anomaly detection. Adaptation of an information-theoretic measure (leverage) to online anomaly detection. Extensive evaluation on real-life and artificial event logs. Additional evaluation and discussion with event logs characterised by concept drift. … (more)
- Is Part Of:
- Information systems. Issue 104(2022)
- Journal:
- Information systems
- Issue:
- Issue 104(2022)
- Issue Display:
- Volume 104, Issue 104 (2022)
- Year:
- 2022
- Volume:
- 104
- Issue:
- 104
- Issue Sort Value:
- 2022-0104-0104-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-02
- Subjects:
- Process mining -- Online anomaly detection -- Event streams -- Information measure -- Statistical leverage
Database management -- Periodicals
Electronic data processing -- Periodicals
Bases de données -- Gestion -- Périodiques
Informatique -- Périodiques
Database management
Electronic data processing
Periodicals
005.7 - Journal URLs:
- http://www.sciencedirect.com/science/journal/03064379 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.is.2021.101894 ↗
- Languages:
- English
- ISSNs:
- 0306-4379
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4496.367300
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 20058.xml