Abstract
This paper proposes a novel trace clustering approach for workflow mining to allow for security audits that regard the evolution of process models along time. Specifically, the trace-clustering method allows auditors to distinguish between different “active” process variants within a timeframe, thereby allowing the visualization of the process evolution. Separately analyzing subsequent process variants allows auditors to localize time-frames and corresponding models for identified vulnerabilities and thus more sophisticated security audits.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Accorsi, R.: Business process as a service: Chances for remote auditing. In: IEEE Computer Software and Applications Conference (to appear, 2011)
Accorsi, R., Wonnemann, C.: Strong non-leak guarantees for workflow models. In: ACM Symposium on Applied Computing (SAC), pp. 308–314 (2011)
Adam, N., Atluri, V., Huang, W.: Modeling and analysis of workflows using petri nets. Journal of Intelligent Information Systems 10(2), 131–158 (1998)
Atluri, V., Warner, J.: Security for workflow systems. In: Handbook of Database Security, pp. 213–230. Springer, Heidelberg (2008)
Jagadeesh Chandra Bose, R.P., van der Aalst, W.: Trace Alignment in Process Mining: Opportunities for Process Diagnostics. In: Hull, R., Mendling, J., Tai, S. (eds.) BPM 2010. LNCS, vol. 6336, pp. 227–242. Springer, Heidelberg (2010)
Jagadeesh Chandra Bose, R.P., van der Aalst, W.M.P., Žliobaitė, I., Pechenizkiy, M.: Handling Concept Drift in Process Mining. In: Mouratidis, H., Rolland, C. (eds.) CAiSE 2011. LNCS, vol. 6741, pp. 391–405. Springer, Heidelberg (2011)
Cummins, F.: BPM meets SOA. In: Handbook on Business Process Management 1, pp. 461–479 (2010)
de Medeiros, A.K.A., Guzzo, A., Greco, G., van der Aalst, W.M.P., Weijters, A.J.M.M., van Dongen, B.F., Saccà, D.: Process Mining Based on Clustering: A Quest for Precision. In: ter Hofstede, A.H.M., Benatallah, B., Paik, H.-Y. (eds.) BPM Workshops 2007. LNCS, vol. 4928, pp. 17–29. Springer, Heidelberg (2008)
Greco, G., Guzzo, A., Pontieri, L., Saccà, D.: Discovering expressive process models by clustering log traces. IEEE Transactions on Knowledge and Data Engineering 18(8), 1010–1027 (2006)
Günther, C., Rinderle-Ma, S., Reichert, M., van der Aalst, W.M.P., Recker, J.: Using process mining to learn from process changes in evolutionary systems. Business Process Integration and Management 1, 111 (2007)
Lakshmanan, G., Keyser, P., Duan, S.: Detecting changes in a semi-structured business process through spectral graph analysis. In: IEEE Conference of Data Engineering Workshops, pp. 255–260 (2011)
Lowis, L., Accorsi, R.: Finding vulnerabilities in SOA-based business processes. IEEE Transactions on Service Computing (to appear, 2011)
Sayana, A.: Using CAATs to support IS audit. Information Systems Control Journal (2003)
Song, M., Günther, C.W., van der Aalst, W.M.P.: Trace Clustering in Process Mining. In: Ardagna, D., Mecella, M., Yang, J. (eds.) BPM 2008 Workshops. LNBIP, vol. 17, pp. 109–120. Springer, Heidelberg (2009)
Teeter, R., Alles, M., Vasarhelyi, M.: Remote Audit: A research framework. Journal of Emerging Technology in Accounting (to appear)
van der Aalst, W.M.P., Weijters, T., Maruster, L.: Workflow mining: Discovering process models from event logs. IEEE Trans. Knowl. Data Eng. 16(9), 1128–1142 (2004)
van der Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M.: Business Process Management: A Survey. In: van der Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678, pp. 1–12. Springer, Heidelberg (2003)
van Dongen, B.F., van der Aalst, W.M.P.: Multi-phase process mining: Aggregating instance graphs into EPCs and Petri nets. In: PNCWB Workshop, pp. 35–58 (2005)
van Dongen, B.F., van der Aalst, W.M.P.: Multi-phase Process Mining: Building Instance Graphs. In: Atzeni, P., Chu, W., Lu, H., Zhou, S., Ling, T.-W. (eds.) ER 2004. LNCS, vol. 3288, pp. 362–376. Springer, Heidelberg (2004)
Wei, Y., Blake, M.B.: Service-oriented computing and cloud computing: Challenges and opportunities. IEEE Internet Computing 14, 72–75 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stocker, T. (2012). Time-Based Trace Clustering for Evolution-Aware Security Audits. In: Daniel, F., Barkaoui, K., Dustdar, S. (eds) Business Process Management Workshops. BPM 2011. Lecture Notes in Business Information Processing, vol 100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28115-0_45
Download citation
DOI: https://doi.org/10.1007/978-3-642-28115-0_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28114-3
Online ISBN: 978-3-642-28115-0
eBook Packages: Computer ScienceComputer Science (R0)