Logo der Universität Wien

Multi Instance Anomaly Detection in Business Process Executions


Processes control critical IT systems and business cases in dynamic environments. Hence, ensuring secure model executions is crucial to prevent misuse and attacks. In general, anomaly detection approaches can be employed to tackle this challenge. Existing ones analyze each process instance individually. Doing so does not consider attacks that combine multiple instances, e.g., by splitting fraudulent fund transactions into multiple instances with smaller unsuspicious amounts. The proposed approach aims at detecting such attacks. For this, anomalies between the temporal behavior of a set of historic instances (ex post) and the temporal behavior of running instances are identified. Here, temporal behavior refers to the temporal order between the instances and their events. The proposed approach is implemented and evaluated based on real life process logs from different domains and artificial anomalies.

Grafik Top
Grafik Top
Paper in Conference Proceedings or in Workshop Proceedings (Paper)
Event Title
Int'l Conference on Business Process Management 2017
Workflow Systems and Technology
Event Location
Barcelona, Spain
Event Type
Event Dates
10-15 September 2017
Page Range
pp. 77-93
Grafik Top
Contact us
Faculty of Computer Science
University of Vienna

Währinger Straße 29
A-1090 Vienna