Professional Documents
Culture Documents
External Examiner
Internal Examiner
2/18
2/90
PARIKET
Publications
Nisha Gupta, Kritika Anand and Ashish Sureka, Pariket: Mining Business
Process Logs for Root Cause Analysis of Anomalous Incidents, Tenth
International Workshop - Databases in Networked Information
Systems, Springer LNCS Volume 8999 (DNIS 2015)
Work in Progress
Kirtika Anand, Nisha Gupta and Ashish Sureka, Utility-Based Control
Flow Discovery from Business Process Event Logs – plan to submit to
good data management or business process management conference.
3/18
3/90
PARIKET
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
4/90
PARIKET
Research Motivation and Aim
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
5/90
PARIKET
Research Motivation and Aim
PAIS
Process Aware Information System (PAIS)
6/90
PARIKET
Research Motivation and Aim
PAIS
Process Aware Information System (PAIS)
Supports/
controls
Process Aware
Information System Event Logs
Records events
Figure 1: PAIS
7/90
PARIKET
Research Motivation and Aim
Business Process Logs
8/90
PARIKET
Research Motivation and Aim
Business Process Logs
9/90
PARIKET
Research Motivation and Aim
Business Process Logs
10/90
PARIKET
Research Motivation and Aim
Business Process Logs
Events
11/90
PARIKET
Research Motivation and Aim
Business Process Logs
12/90
PARIKET
Research Motivation and Aim
Business Process Logs
13/90
PARIKET
Research Motivation and Aim
Business Process Logs
14/90
PARIKET
Research Motivation and Aim
Business Process Logs
15/90
PARIKET
Research Motivation and Aim
Anomalies
Anomalies
16/90
PARIKET
Research Motivation and Aim
Anomaly Detection in PAIS
17/90
PARIKET
Research Motivation and Aim
Root Cause Analysis
18/18
18/90
PARIKET
Research Motivation and Aim
Root Cause Analysis
19/90
PARIKET
Research Motivation and Aim
Research Aim
Research Aim
To investigate Window based and Markovian based
techniques for detecting anomalies in business
process event logs.
To apply machine learning techniques such as
decision tree classier to extract rules describing
cause of anomalous behavior.
To interactively explore different patterns of data
using advanced visualization techniques such as
parallel plot.
20/90
PARIKET
Research Motivation and Aim
Research Aim
Research Aim
21/90
PARIKET
Related Work and Novel Contributions
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
22/90
PARIKET
Related Work and Novel Contributions
Related Work
Related Work I
Calderόn-Ruiz et al. [2]
Novel technique to identify potential causes of failures in
business process based event logs.
Event log divided in two, successful and failed cases.
Patterns compared using control flow and time perspective.
Related Work II
Suriadi et al. [4]
Enrich and transform process based logs for root cause
analysis.
Based on classification algorithms.
24/90
PARIKET
Related Work and Novel Contributions
Related Work
25/90
PARIKET
Related Work and Novel Contributions
Related Work
Related Work IV
Bezerra et al. [8]
Extend own work in [6].
Three algorithms: threshold, iterative and sampling for
anomaly detection.
Based on both conformance analysis and process discovery.
26/90
PARIKET
Related Work and Novel Contributions
Novel Research Contributions
27/90
PARIKET
Research Framework and Solution Approach
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
28/90
PARIKET
Research Framework and Solution Approach
Architecture Diagram
Zoom Shape 3
Zoom
Zoom Shape 6 Zoom Shape 5 Zoom Shape 4
Shape 7
29/90
30/90
31/90
32/90
33/90
34/90
35/90
36/90
37/90
38/90
39/90
40/90
41/90
42/90
43/90
PARIKET
Research Framework and Solution Approach
Architecture Diagram
44/90
PARIKET
Experimental Dataset
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
45/90
PARIKET
Experimental Dataset
Experimental Dataset
Business Process Intelligence 2014 (BPI 2014) dataset.
Large real world data from Rabobank Group Information and
Communication Technology (ICT).
Related to the Information Technology Infrastructure Library
(ITIL) process implemented in the Bank.
Incident_activity_detail
Cases 46,616
Events 466,737
Start Timestamp 07.01.2013
End Timestamp 02.04.2014
IncidentAcitivity Type 39
Assignment Group 242
47/90
PARIKET
Experimental Dataset
Dataset Details
Dataset Details
Figure 3: Pareto chart showing the distribution of activities and their cumulative count
48/90
PARIKET
Experiments and Results
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
49/90
PARIKET
Experiments and Results
Sequential Dataset Conversion
51/90
PARIKET
Experiments and Results
Anomaly Detection
Anomaly Detection
Aim is to identify anomalous incidents based on obtained
sequences.
Subsequence Frequency
27 20 1
20 20 1
20 2 1
2 27 1
27 27 1
27 34 1
34 2 1
25 1
54 1
54/90
PARIKET
Experiments and Results
Anomaly Detection
55/90
PARIKET
Experiments and Results
Anomaly Detection
56/90
PARIKET
Experiments and Results
Anomaly Detection
57/90
PARIKET
Experiments and Results
Anomaly Detection
58/90
PARIKET
Experiments and Results
Anomaly Detection
59/90
PARIKET
Experiments and Results
Anomaly Detection
60/90
PARIKET
Experiments and Results
Anomaly Detection
62/90
PARIKET
Experiments and Results
Anomaly Detection
63/90
PARIKET
Experiments and Results
Data Pre-processing
Data Pre-processing
Data Pre-processing
Interaction_detail
Interaction_Incident
Anomalous
(Yes/No)
Merge
Incident_detail
65/90
PARIKET
Experiments and Results
Merged Table
Data Pre-processing
Attribute Name Attribute Type Description
CIType (Aff) Nominal 13 distinct type of CI’s
Example: software, storage,
hardware.
CISubType (Aff) Nominal 64 CI Sub types.
Example: client based, server
based.
Priority Nominal {1,2,3,4,5}
Classification
67/90
PARIKET
Experiments and Results
Classification
Flow of Classification
69/90
PARIKET
Experiments and Results
Classification
Ic_OpenTime
‘<=381657’ ‘>381657’
70/90
PARIKET
Experiments and Results
Classification
‘<=384871’ ‘>384871’
‘<=384822’ ‘>384822’
Classification Result
72/90
PARIKET
Experiments and Results
Visualization
Visualization
73/90
PARIKET
Experiments and Results
Parallel Plot Example
74/90
PARIKET
Experiments and Results
Visualization
Visualization
Visualization
PARIKET
Experiments and Results
Visualization
Visualization Results
77/90
PARIKET
Experiments and Results
Triangulation Study
Triangulation Study
78/90
PARIKET
Experiments and Results
Triangulation Study
Triangulation Study
TRIANGULATION
79/90
PARIKET
Experiments and Results
Triangulation Study
Triangulation Study
Observation Parallel Coordinate Decision Tree
Plot Classifier
1 Incident Open (IO) Time IO = 381658 hrs. 381657<IO<= 381658
2 Incident and Interaction open 383139<IO<387725 383498<IO<=383499
time (IrO) 383139<IrO<387706 IrO>383499
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
81/90
PARIKET
Limitations and Future Work
82/90
PARIKET
Conclusion
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
83/90
PARIKET
Conclusion
Conclusion
Novel approach for identification of anomalous traces and
executions from business process event-logs.
New technique for Root Cause Analysis (RCA) of anomalous
traces.
Experimental results reveal agreement in output from Window-
based and Markovian technique.
Data pre-processing and transformation is needed and impacts
the outcome of parallel coordinate plot and decision tree
classifier.
Triangulation study to demonstrate that the proposed approach is
effective.
84/90
85/90
PARIKET
Conclusion
Outline
1 Research Motivation and Aim
2 Related Work and Novel Contributions
3 Research Framework and Solution Approach
4 Experimental Dataset
5 Experiments and Results
6 Limitations and Future Work
7 Conclusion
8 References
86/90
PARIKET
References
References-I
Marlon Dumas, Wil M Van der Aalst, and Arthur H Ter Hofstede.
Process-aware information systems : bridging people and software
through process technology.
John Wiley & Sons, 2005
87/90
PARIKET
References
References-II
V. Chandola, A. Banerjee, and V. Kumar.
Anomaly Detection for Discrete Sequences: A Survey.
Knowledge and Data Engineering, IEEE Transactions on, 24(5):823-839,
May 2012.
Peter TG Hornix.
Performance analysis of business processes through process mining.
Master's Thesis, Eindhoven University of Technology, 2007.
References-III
Suriadi Suriadi, Chun Ouyang, Wil MP van der Aalst, and Arthur HM ter
Hofstede.
Root cause analysis with enriched process logs.
In Business Process Management Workshops, Springer, 2013.
89/90
PARIKET
References
References-IV
Fabio Bezerra and Jacques Wainer.
Fraud detection in process aware systems. International Journal of
Business Process
Integration and Management, 5(2):121-129, 2011.
90/90