Suriadi

Mining Business Process Deviance: A Quest for Accuracy

This paper evaluates the suitability of sequence classification techniques for analyzing deviant business process executions based on event logs. Deviant process executions are those that deviate in a negative or positive way with respect to normative or desirable outcomes, such as executions that undershoot or exceed performance targets. We evaluate a range of features and classification methods based on their ability to accurately discriminate between normal and deviant executions. We also analyze the ability of the discovered rules to explain potential causes of observed deviances. The evaluation shows that feature types extracted using pattern mining techniques only slightly outperform those based on individual activity frequency. It also suggest that more complex feature types ought to be explored to achieve higher levels of accuracy.

Event log imperfection patterns for process mining

Process-oriented data mining (process mining) uses algorithms and data (in the form of event logs) to construct models that aim to provide insights into organisational processes. The quality of the data (both form and content) presented to the modeling algorithms is critical to the success of the process mining exercise. Cleaning event logs to address quality issues prior to conducting a process mining analysis is a necessary, but generally tedious and ad hoc task. In this paper we describe a set of data quality issues, distilled from our experiences in conducting process mining analyses, commonly found in process mining event logs or encountered while preparing event logs from raw data sources. We show that patterns are used in a variety of domains as a means for describing commonly encountered problems and solutions. The main contributions of this article are in showing that a patterns-based approach is applicable to documenting commonly encountered event log quality issues, the formulation of a set of components for describing event log quality issues as patterns, and the description of a collection of 11 event log imperfection patterns distilled from our experiences in preparing event logs. We postulate that a systematic approach to using such a pattern repository to identify and repair event log quality issues benefits both the process of preparing an event log and the quality of the resulting event log. The relevance of the pattern-based approach is illustrated via application of the patterns in a case study and through an evaluation by researchers and practitioners in the field.

Process Mining for Clinical Processes: A Comparative Analysis of Four Australian Hospitals

Business process analysis and process mining, particularly within the health care domain, remain under-utilized. Applied research that employs such techniques to routinely collected health care data enables stakeholders to empirically investigate care as it is delivered by different health providers. However, cross-organizational mining and the comparative analysis of processes present a set of unique challenges in terms of ensuring population and activity comparability, visualizing the mined models, and interpreting the results. Without addressing these issues, health providers will find it difficult to use process mining insights, and the potential benefits of evidence-based process improvement within health will remain unrealized. In this article, we present a brief introduction on the nature of health care processes, a review of process mining in health literature, and a case study conducted to explore and learn how health care data and cross-organizational comparisons with process-mining techniques may be approached. The case study applies process-mining techniques to administrative and clinical data for patients who present with chest pain symptoms at one of four public hospitals in South Australia. We demonstrate an approach that provides detailed insights into clinical (quality of patient health) and fiscal (hospital budget) pressures in the delivery of health care. We conclude by discussing the key lessons learned from our experience in conducting business process analysis and process mining based on the data from four different hospitals.

Defending Web Services against Denial of Service Attacks Using Client Puzzles

The interoperable and loosely-coupled web services architecture, while beneficial, can be resource-intensive, and is thus susceptible to denial of service (DoS) attacks in which an attacker can use a relatively insignificant amount of resources to exhaust the computational resources of a web service. We investigate the effectiveness of defending web services from DoS attacks using client puzzles, a cryptographic countermeasure which provides a form of gradual authentication by requiring the client to solve some computationally difficult problems before access is granted. In particular, we describe a mechanism for integrating a hash-based puzzle into existing web services frameworks and analyze the effectiveness of the countermeasure using a variety of scenarios on a network test bed. Client puzzles are an effective defence against flooding attacks. They can also mitigate certain types of semantic-based attacks, although they may not be the optimal solution.

Validating Denial of Service Vulnerabilities in Web Services

The loosely-coupled and dynamic nature of web services architectures has many benefits, but also leads to an increased vulnerability to denial of service attacks. While many papers have surveyed and described these vulnerabilities, they are often theoretical and lack experimental data to validate them, and assume an obsolete state of web services technologies. This paper describes experiments involving several denial of service vulnerabilities in well-known web services platforms, including Java Metro, Apache Axis, and Microsoft.NET. The results both confirm and deny the presence of some of the most well-known vulnerabilities in web services technologies. Specifically, major web services platforms appear to cope well with attacks that target memory exhaustion. However, attacks targeting CPU-time exhaustion are still effective, regardless of the victim’s platform.

Measuring Patient Flow Variations: A Cross-Organisational Process Mining Approach

Variations that exist in the treatment of patients (with similar symptoms) across different hospitals do substantially impact the quality and costs of healthcare. Consequently, it is important to understand the similarities and differences between the practices across different hospitals. This paper presents a case study on the application of process mining techniques to measure and quantify the differences in the treatment of patients presenting with chest pain symptoms across four South Australian hospitals. Our case study focuses on cross-organisational benchmarking of processes and their performance. Techniques such as clustering, process discovery, performance analysis, and scientific workflows were applied to facilitate such comparative analyses. Lessons learned in overcoming unique challenges in cross-organisational process mining, such as ensuring population comparability, data granularity comparability, and experimental repeatability are also presented.

A Distributed Denial of Service Testbed

The Denial of Service Testing Framework (dosTF) being developed as part of the joint India-Australia research project for ’Protecting Critical Infrastructure from Denial of Service Attacks’ allows for the construction, monitoring and management of emulated Distributed Denial of Service attacks using modest hardware resources. The purpose of the testbed is to study the effectiveness of different DDoS mitigation strategies and to allow for the testing of defense appliances. Experiments are saved and edited in XML as abstract descriptions of an attack/defense strategy that is only mapped to real resources at run-time. It also provides a web-application portal interface that can start, stop and monitor an attack remotely. Rather than monitoring a service under attack indirectly, by observing traffic and general system parameters, monitoring of the target application is performed directly in real time via a customised SNMP agent.

Event interval analysis

Through the application of process mining, valuable evidence-based insights can be obtained about business processes in organisations. As a result, the field has seen an increased uptake in recent years as evidenced by success stories and increased tool support. However, despite this impact, current performance analysis capabilities remain somewhat limited in the context of information-poor event logs. For example, natural daily and weekly patterns are not considered but they are vital for understanding the performance of processes and resources. In this paper, a new framework for analysing event logs is defined. Our framework is based on the concept of event interval. The framework allows for a systematic approach to sophisticated performance-related analysis beyond the capabilities of existing log-based analysis techniques, even with information-poor event logs. The paper formalises a range of event interval types and then presents an implementation as well as an evaluation of the proposed approach. A new framework is proposed to analyse process performance via information-poor log.It is built upon a new concept of event interval to systematically extract rich insights.It has been implemented as a plug-in tool within an open-source environment.It has been validated using a real log from an Australian insurance organisation.It has been applied to gain interesting performance insights from the industry log.

Security analysis of the non-aggressive challenge response of the DNP3 protocol using a CPN model

Distributed Network Protocol Version 3 (DNP3) is the de-facto communication protocol for power grids. Standard-based interoperability among devices has made the protocol useful to other infrastructures such as water, sewage, oil and gas. DNP3 is designed to facilitate interaction between master stations and outstations. In this paper, we apply a formal modelling methodology called Coloured Petri Nets (CPN) to create an executable model representation of DNP3 protocol. The model facilitates the analysis of the protocol to ensure that the protocol will behave as expected. Also, we illustrate how to verify and validate the behaviour of the protocol, using the CPN model and the corresponding state space tool to determine if there are insecure states. With this approach, we were able to identify a Denial of Service (DoS) attack against the DNP3 protocol.

Conditional Privacy Using Re-encryption

This paper proposes, for the first time, the use of re-encryption scheme to improve users privacy in a privacy-enhancing system. Firstly, a secure protocol to distribute a re-encryption key from a user A to a service provider B, with the help of n referees, is proposed. Next, this re-encryption key distribution protocol is combined with an existing private credential system to provide a protocol for conditional revocation of private information. This protocol has a strong accountability property with efficient online performance. It does not assume the existence of a single trusted entity. We tolerate up to t dishonest referees (t les n - 1), while A and B are dishonest and do not trust each other.