The Analysis of Online Event Streams: Predicting the Next Activity for Anomaly Detection

• URL: http://arxiv.org/abs/2203.09619v1
• Date: Thu, 17 Mar 2022 21:17:19 GMT
• Title: The Analysis of Online Event Streams: Predicting the Next Activity for Anomaly Detection
• Authors: Suhwan Lee, Xixi Lu, Hajo A. Reijers
• Abstract summary: We propose to tackle the online event anomaly detection problem using next-activity prediction methods. We compare these predictive anomaly detection methods to four classical unsupervised anomaly detection approaches.
• Score: 0.696125353550498
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Anomaly detection in process mining focuses on identifying anomalous cases or events in process executions. The resulting diagnostics are used to provide measures to prevent fraudulent behavior, as well as to derive recommendations for improving process compliance and security. Most existing techniques focus on detecting anomalous cases in an offline setting. However, to identify potential anomalies in a timely manner and take immediate countermeasures, it is necessary to detect event-level anomalies online, in real-time. In this paper, we propose to tackle the online event anomaly detection problem using next-activity prediction methods. More specifically, we investigate the use of both ML models (such as RF and XGBoost) and deep models (such as LSTM) to predict the probabilities of next-activities and consider the events predicted unlikely as anomalies. We compare these predictive anomaly detection methods to four classical unsupervised anomaly detection approaches (such as Isolation forest and LOF) in the online setting. Our evaluation shows that the proposed method using ML models tends to outperform the one using a deep model, while both methods outperform the classical unsupervised approaches in detecting anomalous events.

Related papers

• Unsupervised Anomaly Detection Using Diffusion Trend Analysis [48.19821513256158]
  We propose a method to detect anomalies by analysis of reconstruction trend depending on the degree of degradation. The proposed method is validated on an open dataset for industrial anomaly detection.
  arXiv  Detail & Related papers  (2024-07-12T01:50:07Z)
• xSemAD: Explainable Semantic Anomaly Detection in Event Logs Using Sequence-to-Sequence Models [1.6713531923053913]
  This work addresses a gap in semantic anomaly detection, which typically indicates the occurrence of an anomaly without explaining the nature of the anomaly. We propose xSemAD, an approach that uses a sequence-to-sequence model to go beyond pure identification and provides extended explanations. Our experiments demonstrate that our approach outperforms existing state-of-the-art semantic anomaly detection methods.
  arXiv  Detail & Related papers  (2024-06-28T09:06:52Z)
• DABL: Detecting Semantic Anomalies in Business Processes Using Large Language Models [9.790772692344044]
  We introduce DABL, a novel approach for detecting semantic anomalies in business processes using large language models (LLMs) We collect 143,137 real-world process models from various domains. By generating normal traces through the playout of these process models, we fine-tune Llama 2 using the resulting log. We demonstrate that DABL surpasses existing state-of-the-art semantic anomaly detection methods in terms of both generalization ability and learning of given processes.
  arXiv  Detail & Related papers  (2024-06-22T08:20:19Z)
• MSFlow: Multi-Scale Flow-based Framework for Unsupervised Anomaly Detection [124.52227588930543]
  Unsupervised anomaly detection (UAD) attracts a lot of research interest and drives widespread applications. An inconspicuous yet powerful statistics model, the normalizing flows, is appropriate for anomaly detection and localization in an unsupervised fashion. We propose a novel Multi-Scale Flow-based framework dubbed MSFlow composed of asymmetrical parallel flows followed by a fusion flow. Our MSFlow achieves a new state-of-the-art with a detection AUORC score of up to 99.7%, localization AUCROC score of 98.8%, and PRO score of 97.1%.
  arXiv  Detail & Related papers  (2023-08-29T13:38:35Z)
• Real-Time Outlier Detection with Dynamic Process Limits [0.609170287691728]
  This paper proposes an online anomaly detection algorithm for existing real-time infrastructures. Online inverse cumulative distribution-based approach is introduced to eliminate common problems of offline anomaly detectors. The benefit of the proposed method is the ease of use, fast computation, and deployability as shown in two case studies of real microgrid operation data.
  arXiv  Detail & Related papers  (2023-01-31T10:23:02Z)
• MissDAG: Causal Discovery in the Presence of Missing Data with Continuous Additive Noise Models [78.72682320019737]
  We develop a general method, which we call MissDAG, to perform causal discovery from data with incomplete observations. MissDAG maximizes the expected likelihood of the visible part of observations under the expectation-maximization framework. We demonstrate the flexibility of MissDAG for incorporating various causal discovery algorithms and its efficacy through extensive simulations and real data experiments.
  arXiv  Detail & Related papers  (2022-05-27T09:59:46Z)
• Explainable Deep Few-shot Anomaly Detection with Deviation Networks [123.46611927225963]
  We introduce a novel weakly-supervised anomaly detection framework to train detection models. The proposed approach learns discriminative normality by leveraging the labeled anomalies and a prior probability. Our model is substantially more sample-efficient and robust, and performs significantly better than state-of-the-art competing methods in both closed-set and open-set settings.
  arXiv  Detail & Related papers  (2021-08-01T14:33:17Z)
• Online anomaly detection using statistical leverage for streaming business process events [4.9342793303029975]
  Event log anomaly detection in online settings can be crucial for discovering anomalies in process execution as soon as they occur. This paper describes a novel approach to event log anomaly detection on event streams that uses statistical leverage.
  arXiv  Detail & Related papers  (2021-03-01T08:01:49Z)
• Recomposition vs. Prediction: A Novel Anomaly Detection for Discrete Events Based On Autoencoder [5.781280693720236]
  One of the most challenging problems in the field of intrusion detection is anomaly detection for discrete event logs. We propose DabLog, a Deep Autoencoder-Based anomaly detection method for discrete event Logs. Our approach determines whether a sequence is normal or abnormal by analyzing (encoding) and reconstructing (decoding) the given sequence.
  arXiv  Detail & Related papers  (2020-12-27T16:31:05Z)
• Real-Time Anomaly Detection in Edge Streams [49.26098240310257]
  We propose MIDAS, which focuses on detecting microcluster anomalies, or suddenly arriving groups of suspiciously similar edges. We further propose MIDAS-F, to solve the problem by which anomalies are incorporated into the algorithm's internal states. Experiments show that MIDAS-F has significantly higher accuracy than MIDAS.
  arXiv  Detail & Related papers  (2020-09-17T17:59:27Z)
• Deep Weakly-supervised Anomaly Detection [118.55172352231381]
  Pairwise Relation prediction Network (PReNet) learns pairwise relation features and anomaly scores. PReNet can detect any seen/unseen abnormalities that fit the learned pairwise abnormal patterns. Empirical results on 12 real-world datasets show that PReNet significantly outperforms nine competing methods in detecting seen and unseen anomalies.
  arXiv  Detail & Related papers  (2019-10-30T00:40:25Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.