Majid Rafiei,Wil M.P. van der Aalst

DOI: https://doi.org/10.1007/978-3-030-58638-6_8

2021-01-04

Abstract:Process mining aims to provide insights into the actual processes based on event data. These data are often recorded by information systems and are widely available. However, they often contain sensitive private information that should be analyzed responsibly. Therefore, privacy issues in process mining are recently receiving more attention. Privacy preservation techniques obviously need to modify the original data, yet, at the same time, they are supposed to preserve the data utility. Privacy-preserving transformations of the data may lead to incorrect or misleading analysis results. Hence, new infrastructures need to be designed for publishing the privacy-aware event data whose aim is to provide metadata regarding the privacy-related transformations on event data without revealing details of privacy preservation techniques or the protected information. In this paper, we provide formal definitions for the main anonymization operations, used by privacy models in process mining. These are used to create an infrastructure for recording the privacy metadata. We advocate the proposed privacy metadata in practice by designing a privacy extension for the XES standard and a general data structure for event data which are not in the form of standard event logs.

Cryptography and Security,Databases

Majid Rafiei,Wil M.P. van der Aalst

DOI: https://doi.org/10.1016/j.datak.2021.101908

2021-07-01

Abstract:<p>Process mining techniques help to improve processes using event data. Such data are widely available in information systems. However, they often contain highly sensitive information. For example, healthcare information systems record event data that can be utilized by process mining techniques to improve the treatment process, reduce patient's waiting times, improve resource productivity, etc. However, the recorded event data include highly sensitive information related to treatment activities. Responsible process mining should provide insights about the underlying processes, yet, at the same time, it should not reveal sensitive information. In this paper, we discuss the challenges regarding directly applying existing well-known group-based privacy preservation techniques, e.g., <span class="math"><math>k</math></span>-anonymity, <span class="math"><math>l</math></span>-diversity, etc, to event data. We provide formal definitions of attack models and introduce an effective <em>group-based privacy preservation technique</em> for process mining. Our technique covers the main perspectives of process mining including <em>control-flow</em>, <em>time</em>, <em>case</em>, and <em>organizational</em> perspectives. The proposed technique provides interpretable and adjustable parameters to handle different privacy aspects. We employ real-life event data and evaluate both data utility and result utility to show the effectiveness of the privacy preservation technique. We also compare this approach with other group-based approaches for privacy-preserving event data publishing.</p>

computer science, information systems, artificial intelligence

Anastasiia Pika,Moe T. Wynn,Stephanus Budiono,Arthur H.M. ter Hofstede,Wil M.P. van der Aalst,Hajo A. Reijers

DOI: https://doi.org/10.3390/ijerph17051612

IF: 4.614

2020-01-01

International Journal of Environmental Research and Public Health

Abstract:Process mining has been successfully applied in the healthcare domain and has helped to uncover various insights for improving healthcare processes. While the benefits of process mining are widely acknowledged, many people rightfully have concerns about irresponsible uses of personal data. Healthcare information systems contain highly sensitive information and healthcare regulations often require protection of data privacy. The need to comply with strict privacy requirements may result in a decreased data utility for analysis. Until recently, data privacy issues did not get much attention in the process mining community; however, several privacy-preserving data transformation techniques have been proposed in the data mining community. Many similarities between data mining and process mining exist, but there are key differences that make privacy-preserving data mining techniques unsuitable to anonymise process data (without adaptations). In this article, we analyse data privacy and utility requirements for healthcare process data and assess the suitability of privacy-preserving data transformation methods to anonymise healthcare data. We demonstrate how some of these anonymisation methods affect various process mining results using three publicly available healthcare event logs. We describe a framework for privacy-preserving process mining that can support healthcare process mining analyses. We also advocate the recording of privacy metadata to capture information about privacy-preserving transformations performed on an event log.

Ziwen Cheng,Yi Liu,Chao Wu,Yongqi Pan,Liushun Zhao,Xin Deng,Cheng Zhu

DOI: https://doi.org/10.1016/j.future.2024.06.035

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Blockchain-based Federated Learning (BCFL) is gaining significant attention as a promising decentralized data sharing technology with privacy protection. Most existing BCFL frameworks loosely couple blockchain and Federated Learning (FL). FL transforms data sharing into model sharing, while blockchain decentralizes the model aggregation and handles security verification. However, this simplistic overlay of the two technologies often involves third-party blockchain peers, leading to inefficient workflows and potential privacy attacks from malicious blockchain peers. Some studies have proposed differential privacy with noise addition to prevent privacy attacks, yet most do not allow clients to customize privacy budgets, impacting data availability and limiting BCFL’s application in data sharing. To address these challenges, we first introduce a novel tightly-coupled BCFL framework that integrates training and mining at the client side. Under this framework, a totally decentralized data sharing process is established. Moreover, a Personalised Differential Privacy (PDP) mechanism is devised, enabling clients to add Laplace noise to model gradients based on custom privacy budgets. To achieve optimal privacy budgets, a privacy optimization mechanism based on Stackelberg games is proposed. It establishes utility functions for data requesters and providers, models the process of utility optimization as a Stackelberg game process, and obtains the optimal privacy budget while maximizing utility for all participants. This facilitates flexible and on-demand privacy-protected data sharing. Extensive experiments validate the effectiveness of our approach in enhancing system efficiency and facilitating flexible on-demand privacy-protected data sharing, further solidifying BCFL’s potential in decentralized data sharing scenarios.

Ryan Hildebrant,Stephan A. Fahrenkrog-Petersen,Matthias Weidlich,Shangping Ren

2023-05-02

Abstract:Anonymization of event logs facilitates process mining while protecting sensitive information of process stakeholders. Existing techniques, however, focus on the privatization of the control-flow. Other process perspectives, such as roles, resources, and objects are neglected or subject to randomization, which breaks the dependencies between the perspectives. Hence, existing techniques are not suited for advanced process mining tasks, e.g., social network mining or predictive monitoring. To address this gap, we propose PMDG, a framework to ensure privacy for multi-perspective process mining through data generalization. It provides group-based privacy guarantees for an event log, while preserving the characteristic dependencies between the control-flow and further process perspectives. Unlike existin privatization techniques that rely on data suppression or noise insertion, PMDG adopts data generalization: a technique where the activities and attribute values referenced in events are generalized into more abstract ones, to obtain equivalence classes that are sufficiently large from a privacy point of view. We demonstrate empirically that PMDG outperforms state-of-the-art anonymization techniques, when mining handovers and predicting outcomes.

Databases,Cryptography and Security

Mohsen Kazemian,Markus Helfert

DOI: https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361442

2023-04-07

Abstract:Novel technological achievements in the fields of business intelligence, business management and data science are based on real-time and complex virtual networks. Sharing data between a large number of organizations that leads to a system with high computational complexity is one of the considerable characteristics of the current business networks. Discovery, conformance and enhancement of the business processes are performed using the generated event logs. In this regard, one of the overlooked challenges is privacy-preserving in the field of process mining in the industry. To preserve the data-privacy with a low computational complexity structure that is a necessity for the current digital business technology, a novel lightweight encryption method based on Haar transform and a private key is proposed in this paper. We compare the proposed method with the well-known homomorphic cryptosystem and Walsh- Hadamard encryption (WHE) in terms of cryptography, computational complexity and structure vulnerability. The analyses show that the proposed method anonymizes the event logs with the lower complexity and more accuracy compared with two aforementioned cryptosystems, significantly.

Cryptography and Security,Signal Processing

Cong Liu,Hua Duan,QingTian Zeng,MengChu Zhou,Faming Lu,Jiujun Cheng

DOI: https://doi.org/10.1109/tsc.2016.2617331

IF: 11.019

2019-01-01

IEEE Transactions on Services Computing

Abstract:More and more business requirements are crossing organizational boundaries. There comes the cross-organization business process management, and its modeling is a complicated task. Mining a cross-organization business process aims to discover its model from a set of distributed event logs. Unfortunately, traditional process mining approaches totally neglect the privacy-preservation issue, which means the privacy of both event log and business process model. In this paper, a privacy-preservation cross-organization business process mining framework is proposed to handle its privacy issues. It includes three steps: (1) each organization discovers its private and public business process models from its event logs; (2) the trusted third-party midware takes the public process models as input and generates cooperative public process model fragments of each organization; and (3) each organization combines its private business process model with its relevant public fragments to obtain the organization-specific cross-organization cooperative business process model. To illustrate the applicability of the proposed approach, a multi-modal cross-organization transportation case is used for its validation and comparison with other methods.

Anastasiia Pika,Moe T. Wynn,Stephanus Budiono,Arthur H. M. ter Hofstede,Wil M. P. van der Aalst,Hajo A. Reijers

DOI: https://doi.org/10.1007/978-3-030-37453-2_39

2019-01-01

Abstract:Process mining has been successfully applied in the healthcare domain and helped to uncover various insights for improving healthcare processes. While benefits of process mining are widely acknowledged, many people rightfully have concerns about irresponsible use of personal data. Healthcare information systems contain highly sensitive information and healthcare regulations often require protection of privacy of such data. The need to comply with strict privacy requirements may result in a decreased data utility for analysis. Although, until recently, data privacy issues did not get much attention in the process mining community, several privacy-preserving data transformation techniques have been proposed in the data mining community. Many similarities between data mining and process mining exist, but there are key differences that make privacy-preserving data mining techniques unsuitable to anonymise process data. In this article, we analyse data privacy and utility requirements for healthcare process data and assess the suitability of privacy-preserving data transformation methods to anonymise healthcare data. We also propose a framework for privacy-preserving process mining that can support healthcare process mining analyses.

Valerio Goretti,Davide Basile,Luca Barbaro,Claudio Di Ciccio

2024-10-06

Abstract:In the contemporary business landscape, collaboration across multiple organizations offers a multitude of opportunities, including reduced operational costs, enhanced performance, and accelerated technological advancement. The application of process mining techniques in an inter-organizational setting, exploiting the recorded process event data, enables the coordination of joint effort and allows for a deeper understanding of the business. Nevertheless, considerable concerns pertaining to data confidentiality emerge, as organizations frequently demonstrate a reluctance to expose sensitive data demanded for process mining, due to concerns related to privacy and security risks. The presence of conflicting interests among the parties involved can impede the practice of open data sharing. To address these challenges, we propose our approach and toolset named CONFINE, which we developed with the intent of enabling process mining on process event data from multiple providers while preserving the confidentiality and integrity of the original records. To ensure that the presented interaction protocol steps are secure and that the processed information is hidden from both involved and external actors, our approach is based on a decentralized architecture and consists of trusted applications running in Trusted Execution Environments (TEE). In this demo paper, we provide an overview of the core components and functionalities as well as the specific details of its application.

Distributed, Parallel, and Cluster Computing

Gamal Elkoumy,Alisa Pankova,Marlon Dumas

DOI: https://doi.org/10.48550/arXiv.2012.01119

2020-12-03

Abstract:Process mining techniques enable organizations to analyze business process execution traces in order to identify opportunities for improving their operational performance. Oftentimes, such execution traces contain private information. For example, the execution traces of a healthcare process are likely to be privacy-sensitive. In such cases, organizations need to deploy Privacy-Enhancing Technologies (PETs) to strike a balance between the benefits they get from analyzing these data and the requirements imposed onto them by privacy regulations, particularly that of minimizing re-identification risks when data are disclosed to a process analyst. Among many available PETs, differential privacy stands out for its ability to prevent predicate singling out attacks and its composable privacy guarantees. A drawback of differential privacy is the lack of interpretability of the main privacy parameter it relies upon, namely epsilon. This leads to the recurrent question of how much epsilon is enough? This article proposes a method to determine the epsilon value to be used when disclosing the output of a process mining technique in terms of two business-relevant metrics, namely absolute percentage error metrics capturing the loss of accuracy (a.k.a. utility loss) resulting from adding noise to the disclosed data, and guessing advantage, which captures the increase in the probability that an adversary may guess information about an individual as a result of a disclosure. The article specifically studies the problem of protecting the disclosure of the so-called Directly-Follows Graph (DFGs), which is a process mining artifact produced by most process mining tools. The article reports on an empirical evaluation of the utility-risk trade-offs that the proposed approach achieves on a collection of 13 real-life event logs.

Cryptography and Security,Software Engineering

Gamal Elkoumy,Stephan A. Fahrenkrog-Petersen,Mohammadreza Fani Sani,Agnes Koschmider,Felix Mannhardt,Saskia Nuñez Von Voigt,Majid Rafiei,Leopold Von Waldthausen

DOI: https://doi.org/10.1145/3468877

2022-03-31

ACM Transactions on Management Information Systems

Abstract:Privacy and confidentiality are very important prerequisites for applying process mining to comply with regulations and keep company secrets. This article provides a foundation for future research on privacy-preserving and confidential process mining techniques. Main threats are identified and related to a motivation application scenario in a hospital context as well as to the current body of work on privacy and confidentiality in process mining. A newly developed conceptual model structures the discussion that existing techniques leave room for improvement. This results in a number of important research challenges that should be addressed by future process mining research.

Richard Hobeck,Christopher Klinkmüller,H. M. N. Dilum Bandara,Ingo Weber,Wil van der Aalst

DOI: https://doi.org/10.1007/s12599-024-00903-5

2024-10-26

Business & Information Systems Engineering

Abstract:Blockchain technology is known for its transparency properties due to its publicly available, immutable data. Yet, as data availability does not inherently ensure transparency, further analytical methods may be required for human interpretation of data traces. Process mining has emerged as a popular toolbox for understanding processes and how they are executed in practice. The paper studies process mining as a method to enhance the transparency of blockchain data. To this end, two popular Ethereum applications were analyzed using process mining: the prediction and betting marketplace Augur and the network marketing platform Forsage . Observations from the process-mining analyses are used to discuss if process mining can serve as a method to establish transparency of a blockchain. For both applications, new insights are generated for usage scenarios such as application redesign, security analysis, user behavior analysis, and revealing blind spots in Augur's and Forsage's documentation. The paper concludes that there is evidence that process mining can serve as a method to enhance transparency in blockchains at the cost of technical setup and knowledge acquisition.

computer science, information systems

Fouzia Alzhrani,Kawther Saeedi,Liping Zhao

DOI: https://doi.org/10.1016/j.jksuci.2024.101956

IF: 9.006

2024-02-01

Journal of King Saud University - Computer and Information Sciences

Abstract:Several studies were conducted to demonstrate the application of Process Mining (PM) techniques to Ethereum-compatible application event data. However, the availability of event data is constrained by the application's process awareness, which is under-reported in the literature. Based on domain analysis, which identified several challenges to mining the business process from blockchain applications, a framework was designed, instantiated, and tested in this study. The framework supports identification of appropriate cases for PM and automates the generation of event logs from blockchain data. It consists of two modules, the Process Awareness Recognizer (PAR) and the Event Log Generator (ELG). PAR is a rule-based classifier to assess the process awareness of a given application. ELG is an automated batch processing model consisting of three methods: (1) Extractor: to retrieve event data from blockchains; (2) Decoder: to transform the extracted data to a human-readable format; and (3) Formatter: to produce event log files in a format compatible with PM tools. It was validated by implementing a proof-of-concept application with an input set of 201 real-world applications. The results prove the framework's feasibility and applicability. Graphical abstract Download : Download high-res image (175KB) Download : Download full-size image

computer science, information systems

Bo Huang,Kai He,Rui Huang,Feifei Zhang,Shusheng Zhang

DOI: https://doi.org/10.1016/j.aei.2023.102037

IF: 8.8

2023-01-01

Advanced Engineering Informatics

Abstract:In the field of NC process design, a large number of designers or manufacturing enterprises have provided a wealth of crowd intelligence resources. However, the lack of organizational methods for the knowledge contained in a large number of machining process data makes it impossible to effectively utilize the machining process knowledge. At the same time, due to the intellectual property protection of machining process, process knowledge cannot be freely shared among designers and manufacturing enterprises, which makes the process design system limited in knowledge that can be applied and difficult to break through and improve. To counter this problem, a blockchain-based NC machining process decision and transaction approach is proposed. First, the process knowledge repositories in the process design consortium are structurally characterized by the probability graph structure to support the automatic decision-making of process schemes; Then, process design requirements are transmitted to each process design node in the consortium through the blockchain; Then, according to the process design requirements, the process scheme is determined in each node with the process design capability of such parts through depth first search and probability calculation; Finally, the process schemes are fed back to the demander through the blockchain to achieve the purpose of transaction and knowledge protection. The effectiveness of the proposed method is verified by the test of actual parts.

Dhinakaran D,Joe Prathap P. M,Selvaraj D,Arul Kumar D,Murugeshwari B

DOI: https://doi.org/10.14445/22315381/IJETT-V70I3P232

2023-04-21

Abstract:With the onset of the Information Era and the rapid growth of information technology, ample space for processing and extracting data has opened up. However, privacy concerns may stifle expansion throughout this area. The challenge of reliable mining techniques when transactions disperse across sources is addressed in this study. This work looks at the prospect of creating a new set of three algorithms that can obtain maximum privacy, data utility, and time savings while doing so. This paper proposes a unique double encryption and Transaction Splitter approach to alter the database to optimize the data utility and confidentiality tradeoff in the preparation phase. This paper presents a customized apriori approach for the mining process, which does not examine the entire database to estimate the support for each attribute. Existing distributed data solutions have a high encryption complexity and an insufficient specification of many participants' properties. Proposed solutions provide increased privacy protection against a variety of attack models. Furthermore, in terms of communication cycles and processing complexity, it is much simpler and quicker. Proposed work tests on top of a realworld transaction database demonstrate that the aim of the proposed method is realistic.

Cryptography and Security

Valerio Goretti,Davide Basile,Luca Barbaro,Claudio Di Ciccio

DOI: https://doi.org/10.1007/978-3-031-61057-8_30

2024-04-09

Abstract:Inter-organizational business processes involve multiple independent organizations collaborating to achieve mutual interests. Process mining techniques have the potential to allow these organizations to enhance operational efficiency, improve performance, and deepen the understanding of their business based on the recorded process event data. However, inter-organizational process mining faces substantial challenges, including topical secrecy concerns: The involved organizations may not be willing to expose their own data to run mining algorithms jointly with their counterparts or third parties. In this paper, we introduce CONFINE, a novel approach that unlocks process mining on multiple actors' process event data while safeguarding the secrecy and integrity of the original records in an inter-organizational business setting. To ensure that the phases of the presented interaction protocol are secure and that the processed information is hidden from involved and external actors alike, our approach resorts to a decentralized architecture comprised of trusted applications running in Trusted Execution Environments (TEEs). We show the feasibility of our solution by showcasing its application to a healthcare scenario and evaluating our implementation in terms of memory usage and scalability on real-world event logs.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Keyi Li,Sen Yang,Travis M. Sullivan,Randall S. Burd,Ivan Marsic

DOI: https://doi.org/10.48550/arXiv.2203.07949

2022-03-15

Abstract:Process data with confidential information cannot be shared directly in public, which hinders the research in process data mining and analytics. Data encryption methods have been studied to protect the data, but they still may be decrypted, which leads to individual identification. We experimented with different models of representation learning and used the learned model to generate synthetic process data. We introduced an adversarial generative network for process data generation (ProcessGAN) with two Transformer networks for the generator and the discriminator. We evaluated ProcessGAN and traditional models on six real-world datasets, of which two are public and four are collected in medical domains. We used statistical metrics and supervised learning scores to evaluate the synthetic data. We also used process mining to discover workflows for the authentic and synthetic datasets and had medical experts evaluate the clinical applicability of the synthetic workflows. We found that ProcessGAN outperformed traditional sequential models when trained on small authentic datasets of complex processes. ProcessGAN better represented the long-range dependencies between the activities, which is important for complicated processes such as the medical processes. Traditional sequential models performed better when trained on large data of simple processes. We conclude that ProcessGAN can generate a large amount of sharable synthetic process data indistinguishable from authentic data.

Machine Learning,Artificial Intelligence,Cryptography and Security

Gamal Elkoumy,Stephan A. Fahrenkrog-Petersen,Marlon Dumas,Peeter Laud,Alisa Pankova,Matthias Weildich

DOI: https://doi.org/10.48550/arXiv.1912.01855

2020-04-13

Abstract:Process mining is a family of techniques for analysing business processes based on event logs extracted from information systems. Mainstream process mining tools are designed for intra-organizational settings, insofar as they assume that an event log is available for processing as a whole. The use of such tools for inter-organizational process analysis is hampered by the fact that such processes involve independent parties who are unwilling to, or sometimes legally prevented from, sharing detailed event logs with each other. In this setting, this paper proposes an approach for constructing and querying a common type of artifact used for process mining, namely the frequency and time-annotated Directly-Follows Graph (DFG), over multiple event logs belonging to different parties, in such a way that the parties do not share the event logs with each other. The proposal leverages an existing platform for secure multi-party computation, namely Sharemind. Since a direct implementation of DFG construction in Sharemind suffers from scalability issues, the paper proposes to rely on vectorization of event logs and to employ a divide-and-conquer scheme for parallel processing of sub-logs. The paper reports on an experimental evaluation that tests the scalability of the approach on real-life logs.

Cryptography and Security

Helen Wilfred Raj,S. Balachandran

DOI: https://doi.org/10.3844/JCSSP.2020.194.201

2020-02-01

Journal of Computer Science

Abstract:Bigdata era is seeing the data burst occurring in a multitude of angles that are better expressed in terms of the 4Vs (Volume, Velocity, Velocity, Veracity). While trying to infer information from data, care should be exercised as not to reveal the identity of the data owner, which breaches the privacy rights. Leakage of information can happen right from the data collection point, at the data storage area, followed by the distribution of data to data users/miners and finally with published results. A cross-matching of all these points with the 4Vs (growing still) of big data, puts a huge challenge on how to extract the maximum possible information, without compromising on the privacy of the data owner. Anonymization of the original data should be done at one or more of the above-mentioned stages before the data are given for the mining process. This work makes a survey of the various anonymization techniques followed to transform the data in such a way that the privacy of the data owner is not compromised. Also, the sample data drawn should resemble and represent the original dataset in the maximum possible number of dimensions. The results of the various methodologies have been analyzed and the observations have been presented.

Computer Science

Yuliang Zheng,Xintao Wu,Songtao Guo

2007-01-01

Abstract:Privacy is often considered as a social, moral or legal concept. As Internet and e-commerce have prospered nowadays, privacy has become one of the most important issues in IT and has received increasing attention from enterprises, consumers and legislators. Although various techniques, such as randomization-based methods, cryptographic-based methods, and database inference control etc. have been developed, many key problems still remain open in this area. Especially, new privacy and security issues have been identified, and the scope of the privacy has been expanded. An essential problem under the context is tradeoffs between the data utility and the disclosure risk. Since previous research only conducted empirical evaluations or limited analysis for existing randomization techniques, a more solid theoretical analysis is needed. This dissertation investigates different perturbation models in randomization-based privacy preserving data mining. Among them, the additive-noise-based model and the projection-based-model are primary tools. For the additive-noise-based perturbation, the explicit relation between noise and mining accuracy has not been carefully studied. We first propose an improved strategy to reconstruct the data based on the representative method. Then we develop explicit bounds of reconstruction error. Both the upper bound and the lower bound provide a guideline to balance the privacy/accuracy tradeoff. We also discuss other potential threats to the privacy based on our defined measure for quantifying the privacy. For the projection-based perturbation, properties of different models and possible disclosures within those models are analyzed in detail. Particularly, we propose an A-priori Knowledge-based ICA attack (AK-ICA) which is effective against all the existing projection models. Due to the vulnerabilities in previous randomization models, a general-location-model-based approach is proposed. It first builds a statistical model to fit the real data with both categorical and numerical types of variables, then generates a synthetic data set for mining by tuning parameters of the model instead of perturbing particular individual values. Since the search space of parameters of the model is much smaller than that of data and all information which attackers can derive is contained in those parameters, this approach is expected to be more effective and efficient. This dissertation investigates privacy issues of the numerical data in this model, wherein the disclosure is analyzed and controlled in different scenarios.