© Springer International Publishing AG, part of Springer Nature 2018 (eds.), Encyclopedia of Big Data Technologies,
DefinitionBusiness process deviance mining refers tothe problem of (automatically) detecting andexplaining deviant executions of a businessprocess based on the historical data storedin a given Business Process Event Log(called hereinafter event log for the sake ofconciseness). In this context, a deviant execution(or "deviance") is one that deviates from thenormal/desirable behavior of the process in termsof performed activities, performance measures,outcomes, or security/compliance aspects.Usually, the given event log is regarded asa collection of process traces, encoding eachthe history of a single process instance, and thetask amounts to spotting and analyzing the tracesthat likely represent deviant process (execution)instances.In principle, this specific process mining taskcan help recognize, understand, and possibly prevent/reduce the occurrence of undesired behaviors.OverviewHistorically, in a business process mining/intelligencecontext, the term "deviance mining"was first used in Nguyen et al. (2014). Sincethen increasing attention has been given to thisresearch topic, owing to two main reasons: (i)deviances may yield severe damages to theorganization, e.g., in terms of monetary costs,missed opportunities, or reputation loss; (ii)process logs may be very large and difficult toanalyze with traditional auditing approaches, sothat automated techniques are needed to discoverdeviances and/or actionable deviance patterns.Abstracting from the common idea of exploitingevent log data, approaches developed in thisfield look quite variegate. Indeed, in addition topossibly resorting to different data mining techniques,they may also differ in two fundamentalaspects: the analysis task and the kinds of availableinformation.Two main deviance mining tasks (often carriedout together) have been pursued in the literature:deviance explanation and deviance detection. Theformer is devoted to "explain the reasons whya business process deviates from its normal orexpected execution" (Nguyen et al. 2014, 2016).In the latter, it must be decided whether a givenprocess instance (a.k.a. case) is deviant or not.This task can be accomplished in two fashions:(i) run-time detection, each process instance mustbe analyzed as it unfolds, based on its "premortem"trace; and (ii) ex post detection, only"postmortem" traces (i.e., just one fully growntrace for each finished process instance) must beanalyzed to possibly discover deviances.As to the second aspect (namely, availableinformation), two deviance mining settings canbe considered, which differ for the presence ofauxiliary information, in addition to the given logtraces:o Supervised: All the traces are annotated withsome deviance label/score, which allows to regardthem as examples for learning a deviancedetector/classifier or to extract deviance patterns.o Unsupervised: No a priori deviance-orientedinformation is given for the traces, so that anunsupervised deviance mining method needsto be devised, based on the assumption that all/most deviances look anomalous with respectto the mainstream process behavior.The rest of this chapter focuses on ex postdeviance mining approaches. In fact, the exploitationof supervised learning methods to detectdeviances at run-time has been considered inthe related field of predictive business processmonitoring.
Business process deviance mining
Francesco Folino;Luigi Pontieri
2018
Abstract
DefinitionBusiness process deviance mining refers tothe problem of (automatically) detecting andexplaining deviant executions of a businessprocess based on the historical data storedin a given Business Process Event Log(called hereinafter event log for the sake ofconciseness). In this context, a deviant execution(or "deviance") is one that deviates from thenormal/desirable behavior of the process in termsof performed activities, performance measures,outcomes, or security/compliance aspects.Usually, the given event log is regarded asa collection of process traces, encoding eachthe history of a single process instance, and thetask amounts to spotting and analyzing the tracesthat likely represent deviant process (execution)instances.In principle, this specific process mining taskcan help recognize, understand, and possibly prevent/reduce the occurrence of undesired behaviors.OverviewHistorically, in a business process mining/intelligencecontext, the term "deviance mining"was first used in Nguyen et al. (2014). Sincethen increasing attention has been given to thisresearch topic, owing to two main reasons: (i)deviances may yield severe damages to theorganization, e.g., in terms of monetary costs,missed opportunities, or reputation loss; (ii)process logs may be very large and difficult toanalyze with traditional auditing approaches, sothat automated techniques are needed to discoverdeviances and/or actionable deviance patterns.Abstracting from the common idea of exploitingevent log data, approaches developed in thisfield look quite variegate. Indeed, in addition topossibly resorting to different data mining techniques,they may also differ in two fundamentalaspects: the analysis task and the kinds of availableinformation.Two main deviance mining tasks (often carriedout together) have been pursued in the literature:deviance explanation and deviance detection. Theformer is devoted to "explain the reasons whya business process deviates from its normal orexpected execution" (Nguyen et al. 2014, 2016).In the latter, it must be decided whether a givenprocess instance (a.k.a. case) is deviant or not.This task can be accomplished in two fashions:(i) run-time detection, each process instance mustbe analyzed as it unfolds, based on its "premortem"trace; and (ii) ex post detection, only"postmortem" traces (i.e., just one fully growntrace for each finished process instance) must beanalyzed to possibly discover deviances.As to the second aspect (namely, availableinformation), two deviance mining settings canbe considered, which differ for the presence ofauxiliary information, in addition to the given logtraces:o Supervised: All the traces are annotated withsome deviance label/score, which allows to regardthem as examples for learning a deviancedetector/classifier or to extract deviance patterns.o Unsupervised: No a priori deviance-orientedinformation is given for the traces, so that anunsupervised deviance mining method needsto be devised, based on the assumption that all/most deviances look anomalous with respectto the mainstream process behavior.The rest of this chapter focuses on ex postdeviance mining approaches. In fact, the exploitationof supervised learning methods to detectdeviances at run-time has been considered inthe related field of predictive business processmonitoring.| File | Dimensione | Formato | |
|---|---|---|---|
|
Encyclopedia19.pdf
solo utenti autorizzati
Tipologia:
Versione Editoriale (PDF)
Licenza:
NON PUBBLICO - Accesso privato/ristretto
Dimensione
248.89 kB
Formato
Adobe PDF
|
248.89 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
