An Anomaly Detection Technique for Business Processes based on Extended Dynamic Bayesian Networks

Checking and analyzing various executions of different Business Processes can be a tedious task as the logs from these executions may contain lots of events, each with a (possibly large) number of attributes. We developed a way to automatically model the behavior captured in log files with dozens of attributes. The advantage of our method is that we do not need any prior knowledge about the data and the attributes. The learned model can then be used to detect anomalous executions in the data. To achieve this we extend the existing Dynamic Bayesian Networks with other (existing) techniques to better model the normal behavior found in log files. We introduce a new algorithm that is able to learn a model of a log file starting from the data itself. The model is capable of scoring events and cases, even when new values or new combinations of values appear in the log file, and has the ability to give a decomposition of the given score, indicating the root cause for the anomalies. Furthermore we show that our model can be used in a more general way for detecting Concept Drift.