Process mining technologies for handling rare events when an exploit is committed

X.A. Lifanova, K.S. Zaytsev


The desire to apply information technology in all spheres of human activity recently requires new approaches to process management. This article is devoted to solving the problem of using the Process Mining technology to identify illegitimate influences on various processes based on information from event logs to ensure information security. For this, an algorithm for generating artificial event logs based on a first-order Markov chain has been developed, which successfully interacts with Process Mining algorithms to search for exploits. The study of the influence of the size and qualitative characteristics of the intermediate model in the form of a system of transitions on the size and qualitative characteristics of the target model in the form of a Petri net when converting using the algorithm of regions has been carried out. The results obtained will improve the efficiency of processing large data sets by Process Mining algorithms in order to build process models and, as a result, improve the applicability of algorithms that are sensitive to the size of input data when working with large event logs of real information systems.

Full Text:

PDF (Russian)


Shershakov S.A. Methods and tools for increasing the efficiency of mining algorithms. - Abstract of Ph.D. thesis, HSE, 2020 [electronic resource] (Date of request 02.04.2021).

R. Andrews, C.G.J. van Dun, M.T. Wynn, W. Kratsch, M.K.E. Röglinger, A.H.M. ter Hofstede, Quality-informed semi-automated event log generation for process mining, Decision Support Systems, V.132, 2020.

Günther C. W., Van Der Aalst W. M. P. Fuzzy Mining: Adaptive Process Simplification Based on Multi-perspective Metrics // Proceedings of the 5th International Conference on Business Process Management. — Brisbane, Australia : Springer-Verlag, 2007. p. 328-343. (BPM’07). - URL: (Date of request 22.02.2021).

CVE. [online resource] // . (Date of request 02.07.2020).

The Overview Of Anomaly Detection Methods in Data Streams. [online resource] // (Date of request 01.03.2020).

GOST R 53114-2008 National standard of the Russian Federation. Protection of information. Ensuring information security in the organization. Basic terms and definitions. [online resource] // . (Date of request 01.07.2020).

Common Vulnerability Scoring System, V3 Development Update. Режим доступа: . (Date of request 12.05.2020).

Systematics of vulnerabilities and security defects of software resources. [online resource] // (Date of request 01.06.2020).

Angluin D. Inference of Reversible Languages // J. ACM. - New York, NY, USA, 1982. - July.- V. 29, No 3. p. 741-765. - URL: (Date of request 22.03.2021).

Process Mining in Healthcare: Data Challenges When Answering Frequently Posed Questions. / R. Mans [and etc.] // ProHealth/KR4HC. Т. 7738 / под ред. R. Lenz [and etc.]. — Springer, 2012. - p. 140-153. - (Lecture Notes in Computer Science). - URL: bpm/kr4hc2012.html#MansAVM12. (Date of request 21.02.2021).

Buijs J., Dongen B., Aalst W. On the Role of Fitness, Precision, Generalization and Simplicity in Process Discovery // OTM Federated Conferences, 20th International Conference on Cooperative Information Systems (CoopIS 2012). Т. 7565 / ed. R. Meersman [and etc.]. - Springer-Verlag, Berlin, 2012. -p. 305


  • There are currently no refbacks.

Abava  Absolutech Convergent 2020

ISSN: 2307-8162