xSemAD: Explainable Semantic Anomaly Detection in Event Logs Using Sequence-to-Sequence Models

• URL: http://arxiv.org/abs/2406.19763v1
• Date: Fri, 28 Jun 2024 09:06:52 GMT
• Title: xSemAD: Explainable Semantic Anomaly Detection in Event Logs Using Sequence-to-Sequence Models
• Authors: Kiran Busch, Timotheus Kampik, Henrik Leopold,
• Abstract summary: This work addresses a gap in semantic anomaly detection, which typically indicates the occurrence of an anomaly without explaining the nature of the anomaly. We propose xSemAD, an approach that uses a sequence-to-sequence model to go beyond pure identification and provides extended explanations. Our experiments demonstrate that our approach outperforms existing state-of-the-art semantic anomaly detection methods.
• Score: 1.6713531923053913
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The identification of undesirable behavior in event logs is an important aspect of process mining that is often addressed by anomaly detection methods. Traditional anomaly detection methods tend to focus on statistically rare behavior and neglect the subtle difference between rarity and undesirability. The introduction of semantic anomaly detection has opened a promising avenue by identifying semantically deviant behavior. This work addresses a gap in semantic anomaly detection, which typically indicates the occurrence of an anomaly without explaining the nature of the anomaly. We propose xSemAD, an approach that uses a sequence-to-sequence model to go beyond pure identification and provides extended explanations. In essence, our approach learns constraints from a given process model repository and then checks whether these constraints hold in the considered event log. This approach not only helps understand the specifics of the undesired behavior, but also facilitates targeted corrective actions. Our experiments demonstrate that our approach outperforms existing state-of-the-art semantic anomaly detection methods.

Related papers

• Unsupervised Anomaly Detection Using Diffusion Trend Analysis [48.19821513256158]
  We propose a method to detect anomalies by analysis of reconstruction trend depending on the degree of degradation. The proposed method is validated on an open dataset for industrial anomaly detection.
  arXiv  Detail & Related papers  (2024-07-12T01:50:07Z)
• DABL: Detecting Semantic Anomalies in Business Processes Using Large Language Models [9.790772692344044]
  We introduce DABL, a novel approach for detecting semantic anomalies in business processes using large language models (LLMs) We collect 143,137 real-world process models from various domains. By generating normal traces through the playout of these process models, we fine-tune Llama 2 using the resulting log. We demonstrate that DABL surpasses existing state-of-the-art semantic anomaly detection methods in terms of both generalization ability and learning of given processes.
  arXiv  Detail & Related papers  (2024-06-22T08:20:19Z)
• Don't Miss Out on Novelty: Importance of Novel Features for Deep Anomaly Detection [64.21963650519312]
  Anomaly Detection (AD) is a critical task that involves identifying observations that do not conform to a learned model of normality. We propose a novel approach to AD using explainability to capture such novel features as unexplained observations in the input space. Our approach establishes a new state-of-the-art across multiple benchmarks, handling diverse anomaly types.
  arXiv  Detail & Related papers  (2023-10-01T21:24:05Z)
• CARLA: Self-supervised Contrastive Representation Learning for Time Series Anomaly Detection [53.83593870825628]
  One main challenge in time series anomaly detection (TSAD) is the lack of labelled data in many real-life scenarios. Most of the existing anomaly detection methods focus on learning the normal behaviour of unlabelled time series in an unsupervised manner. We introduce a novel end-to-end self-supervised ContrAstive Representation Learning approach for time series anomaly detection.
  arXiv  Detail & Related papers  (2023-08-18T04:45:56Z)
• Towards Interpretable Anomaly Detection via Invariant Rule Mining [2.538209532048867]
  In this work, we pursue highly interpretable anomaly detection via invariant rule mining. Specifically, we leverage decision tree learning and association rule mining to automatically generate invariant rules. The generated invariant rules can provide explicit explanation of anomaly detection results and thus are extremely useful for subsequent decision-making.
  arXiv  Detail & Related papers  (2022-11-24T13:03:20Z)
• Fine-grained Anomaly Detection in Sequential Data via Counterfactual Explanations [19.836395281552626]
  We propose a novel framework called CFDet for fine-grained anomalous entry detection. Given a sequence that is detected as anomalous, we can consider anomalous entry detection as an interpretable machine learning task. We make use of the deep support vector data description (Deep SVDD) approach to detect anomalous sequences and propose a novel counterfactual interpretation-based approach to identify anomalous entries in the sequences.
  arXiv  Detail & Related papers  (2022-10-09T02:38:11Z)
• The Analysis of Online Event Streams: Predicting the Next Activity for Anomaly Detection [0.696125353550498]
  We propose to tackle the online event anomaly detection problem using next-activity prediction methods. We compare these predictive anomaly detection methods to four classical unsupervised anomaly detection approaches.
  arXiv  Detail & Related papers  (2022-03-17T21:17:19Z)
• Explainable Deep Few-shot Anomaly Detection with Deviation Networks [123.46611927225963]
  We introduce a novel weakly-supervised anomaly detection framework to train detection models. The proposed approach learns discriminative normality by leveraging the labeled anomalies and a prior probability. Our model is substantially more sample-efficient and robust, and performs significantly better than state-of-the-art competing methods in both closed-set and open-set settings.
  arXiv  Detail & Related papers  (2021-08-01T14:33:17Z)
• Recomposition vs. Prediction: A Novel Anomaly Detection for Discrete Events Based On Autoencoder [5.781280693720236]
  One of the most challenging problems in the field of intrusion detection is anomaly detection for discrete event logs. We propose DabLog, a Deep Autoencoder-Based anomaly detection method for discrete event Logs. Our approach determines whether a sequence is normal or abnormal by analyzing (encoding) and reconstructing (decoding) the given sequence.
  arXiv  Detail & Related papers  (2020-12-27T16:31:05Z)
• Toward Deep Supervised Anomaly Detection: Reinforcement Learning from Partially Labeled Anomaly Data [150.9270911031327]
  We consider the problem of anomaly detection with a small set of partially labeled anomaly examples and a large-scale unlabeled dataset. Existing related methods either exclusively fit the limited anomaly examples that typically do not span the entire set of anomalies, or proceed with unsupervised learning from the unlabeled data. We propose here instead a deep reinforcement learning-based approach that enables an end-to-end optimization of the detection of both labeled and unlabeled anomalies.
  arXiv  Detail & Related papers  (2020-09-15T03:05:39Z)
• Deep Weakly-supervised Anomaly Detection [118.55172352231381]
  Pairwise Relation prediction Network (PReNet) learns pairwise relation features and anomaly scores. PReNet can detect any seen/unseen abnormalities that fit the learned pairwise abnormal patterns. Empirical results on 12 real-world datasets show that PReNet significantly outperforms nine competing methods in detecting seen and unseen anomalies.
  arXiv  Detail & Related papers  (2019-10-30T00:40:25Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.