An Ensemble-based p2p Framework for the Detection of Deviant Business Process Instances

The problem of discriminating "deviant" traces(i.e., traces diverging from normal/desired outcomes, such asfrauds, faults, SLA violations) in the execution log of a businessprocess can be faced by extracting a classification model forthe traces, after mapping them onto some suitable featurespace. An ensemble-learning approach was recently proposedthat trains multiple base learners on different vector-space viewsof the given log, and a probabilistic meta-model that combinesthe predictions of the discovered base classifiers. However, thesequential centralised implementation of this learning approachmakes it unsuitable for real applications, where large volumesof traces are produced continuously, while both deviant andnormal behaviours tend to change over the time. We herepropose an online deviance detection framework that leverages anovel incremental learning scheme, which extracts different basemodels from different chunks of a trace stream, and dynamicallycombines them in an ensemble model. Notably, the system is basedupon a P2P architecture that allows it to distribute the entirelearning procedure among multiple nodes. Preliminary tests ona real-life log confirmed the validity of the approach, in terms ofboth effectiveness and efficiency.