An Association Rule Mining-Based Framework for the Discovery of Anomalous Behavioral Patterns

The identification of different risks and threats has become a top priority for organizations in recent years. Various techniques in both data and process mining fields have been developed to uncover unknown risks. However, applying them is challenging for risk analysts since it requires deep knowledge of mining algorithms. To help business and risk analysts to identify potential operational and data security risks, we developed an easy to apply automated framework which can discover anomalous behavioral patterns in business process executions. First, using a process mining technique, it obtains deviations in different aspects of a business process such as skipped tasks, spurious data accesses, and misusage of authorizations. Then, by applying a rule mining technique, it can extract anomalous behavioral patterns. Furthermore, in an automated procedure, our framework is able to automatically interpret anomalous patterns and categorize them into roles, users, and system deviating patterns. We conduct experiments on a real-life dataset from a financial organization and demonstrate that our framework enables accurate diagnostics and a better understanding of deviant behaviors.