Anomaly detection on event logs with a scarcity of labels

Sylvio Barbon Junior; Paolo Ceravolo; Ernesto Damiani; Nicolas Jashchenko Omori; Gabriel Marques Tavares

doi:10.1109/ICPM49681.2020.00032

Anomaly detection on event logs with a scarcity of labels

Sylvio Barbon Junior, Paolo Ceravolo, Ernesto Damiani, Nicolas Jashchenko Omori, Gabriel Marques Tavares

Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

23 Scopus citations

Abstract

Assuring anomaly-free business process executions is a key challenge for many organizations. Traditional techniques address this challenge using prior knowledge about anomalous cases that is seldom available in real-life. In this work, we propose the usage of word2vec encoding and One-Class Classification algorithms to detect anomalies by relying on normal behavior only. We investigated 6 different types of anomalies over 38 real and synthetics event logs, comparing the predictive performance of Support Vector Machine, One-Class Support Vector Machine, and Local Outlier Factor. Results show that our technique is viable for real-life scenarios, overcoming traditional machine learning for a wide variety of settings where only the normal behavior can be labeled.

Original language	British English
Title of host publication	Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020
Editors	Boudewijn van Dongen, Marco Montali, Moe Thandar Wynn
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	161-168
Number of pages	8
ISBN (Electronic)	9781728198323
DOIs	https://doi.org/10.1109/ICPM49681.2020.00032
State	Published - Oct 2020
Event	2nd International Conference on Process Mining, ICPM 2020 - Virtual, Padua, Italy Duration: 4 Oct 2020 → 9 Oct 2020

Publication series

Name	Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020

Conference

Conference	2nd International Conference on Process Mining, ICPM 2020
Country/Territory	Italy
City	Virtual, Padua
Period	4/10/20 → 9/10/20

Keywords

anomaly detection
encoding
Local Outlier Factor
One Class Classification
Support Vector Machine

Access to Document

10.1109/ICPM49681.2020.00032

Cite this

Junior, S. B., Ceravolo, P., Damiani, E., Omori, N. J., & Tavares, G. M. (2020). Anomaly detection on event logs with a scarcity of labels. In B. van Dongen, M. Montali, & M. T. Wynn (Eds.), Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020 (pp. 161-168). Article 9230308 (Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICPM49681.2020.00032

Junior, Sylvio Barbon ; Ceravolo, Paolo ; Damiani, Ernesto et al. / Anomaly detection on event logs with a scarcity of labels. Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020. editor / Boudewijn van Dongen ; Marco Montali ; Moe Thandar Wynn. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 161-168 (Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020).

@inproceedings{4be1705f3ffb45e280c548a7c6a58d3f,

title = "Anomaly detection on event logs with a scarcity of labels",

abstract = "Assuring anomaly-free business process executions is a key challenge for many organizations. Traditional techniques address this challenge using prior knowledge about anomalous cases that is seldom available in real-life. In this work, we propose the usage of word2vec encoding and One-Class Classification algorithms to detect anomalies by relying on normal behavior only. We investigated 6 different types of anomalies over 38 real and synthetics event logs, comparing the predictive performance of Support Vector Machine, One-Class Support Vector Machine, and Local Outlier Factor. Results show that our technique is viable for real-life scenarios, overcoming traditional machine learning for a wide variety of settings where only the normal behavior can be labeled.",

keywords = "anomaly detection, encoding, Local Outlier Factor, One Class Classification, Support Vector Machine",

author = "Junior, {Sylvio Barbon} and Paolo Ceravolo and Ernesto Damiani and Omori, {Nicolas Jashchenko} and Tavares, {Gabriel Marques}",

note = "Funding Information: This study was financed in part by Coordination for the National Council for Scientific and Technological Development (CNPq) of Brazil - Grant of Project 420562/2018-4 and Fundac¸{\~a}o Arauc{\'a}ria (Paran{\'a}, Brazil). It was also partly supported by the program “Piano di sostegno alla ricerca 2019” funded by Universita degli Studi di Milano. Publisher Copyright: {\textcopyright} 2020 IEEE.; 2nd International Conference on Process Mining, ICPM 2020 ; Conference date: 04-10-2020 Through 09-10-2020",

year = "2020",

month = oct,

doi = "10.1109/ICPM49681.2020.00032",

language = "British English",

series = "Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "161--168",

editor = "{van Dongen}, Boudewijn and Marco Montali and Wynn, {Moe Thandar}",

booktitle = "Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020",

address = "United States",

}

Junior, SB, Ceravolo, P, Damiani, E, Omori, NJ & Tavares, GM 2020, Anomaly detection on event logs with a scarcity of labels. in B van Dongen, M Montali & MT Wynn (eds), Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020., 9230308, Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020, Institute of Electrical and Electronics Engineers Inc., pp. 161-168, 2nd International Conference on Process Mining, ICPM 2020, Virtual, Padua, Italy, 4/10/20. https://doi.org/10.1109/ICPM49681.2020.00032

Anomaly detection on event logs with a scarcity of labels. / Junior, Sylvio Barbon; Ceravolo, Paolo; Damiani, Ernesto et al.
Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020. ed. / Boudewijn van Dongen; Marco Montali; Moe Thandar Wynn. Institute of Electrical and Electronics Engineers Inc., 2020. p. 161-168 9230308 (Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Anomaly detection on event logs with a scarcity of labels

AU - Junior, Sylvio Barbon

AU - Ceravolo, Paolo

AU - Damiani, Ernesto

AU - Omori, Nicolas Jashchenko

AU - Tavares, Gabriel Marques

N1 - Funding Information: This study was financed in part by Coordination for the National Council for Scientific and Technological Development (CNPq) of Brazil - Grant of Project 420562/2018-4 and Fundac¸ão Araucária (Paraná, Brazil). It was also partly supported by the program “Piano di sostegno alla ricerca 2019” funded by Universita degli Studi di Milano. Publisher Copyright: © 2020 IEEE.

PY - 2020/10

Y1 - 2020/10

N2 - Assuring anomaly-free business process executions is a key challenge for many organizations. Traditional techniques address this challenge using prior knowledge about anomalous cases that is seldom available in real-life. In this work, we propose the usage of word2vec encoding and One-Class Classification algorithms to detect anomalies by relying on normal behavior only. We investigated 6 different types of anomalies over 38 real and synthetics event logs, comparing the predictive performance of Support Vector Machine, One-Class Support Vector Machine, and Local Outlier Factor. Results show that our technique is viable for real-life scenarios, overcoming traditional machine learning for a wide variety of settings where only the normal behavior can be labeled.

AB - Assuring anomaly-free business process executions is a key challenge for many organizations. Traditional techniques address this challenge using prior knowledge about anomalous cases that is seldom available in real-life. In this work, we propose the usage of word2vec encoding and One-Class Classification algorithms to detect anomalies by relying on normal behavior only. We investigated 6 different types of anomalies over 38 real and synthetics event logs, comparing the predictive performance of Support Vector Machine, One-Class Support Vector Machine, and Local Outlier Factor. Results show that our technique is viable for real-life scenarios, overcoming traditional machine learning for a wide variety of settings where only the normal behavior can be labeled.

KW - anomaly detection

KW - encoding

KW - Local Outlier Factor

KW - One Class Classification

KW - Support Vector Machine

UR - http://www.scopus.com/inward/record.url?scp=85096519305&partnerID=8YFLogxK

U2 - 10.1109/ICPM49681.2020.00032

DO - 10.1109/ICPM49681.2020.00032

M3 - Conference contribution

AN - SCOPUS:85096519305

T3 - Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020

SP - 161

EP - 168

BT - Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020

A2 - van Dongen, Boudewijn

A2 - Montali, Marco

A2 - Wynn, Moe Thandar

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2nd International Conference on Process Mining, ICPM 2020

Y2 - 4 October 2020 through 9 October 2020

ER -

Junior SB, Ceravolo P, Damiani E, Omori NJ, Tavares GM. Anomaly detection on event logs with a scarcity of labels. In van Dongen B, Montali M, Wynn MT, editors, Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 161-168. 9230308. (Proceedings - 2020 2nd International Conference on Process Mining, ICPM 2020). doi: 10.1109/ICPM49681.2020.00032

Anomaly detection on event logs with a scarcity of labels

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this