Incorporating resource parameter in conformance checking

[philipempl]

Description:

I am currently working on a research paper where I need to identify malicious activities by detecting cases where a resource executes an unauthorized activity. To achieve this, I want to perform conformance checking using the pm4py library. However, when I use the alignments.apply_log() function, the conformance score is always 1, even when the activity is not covered by the model. Therefore, I would like to know if there is a way to incorporate the resource parameter in the conformance checking, so that I can detect when the right resource executes the right activity.

Steps to Reproduce:

# Create the alignment parameters
parameters = {"pm4py:param:activity_key": "concept:name", "pm4py:param:resource_key": "org:resource"}

# Perform the alignment
aligned_traces = alignments.apply_log(event_log_malicious, am_net, am_im, am_fm, parameters=parameters)

# Print the fitness score for each trace
for case in aligned_traces:
    print(case)
    #print("Trace", case["trace_id"], "Fitness", case["fitness"])

Expected Result:

I expect the conformance checking to take into account the resource parameter and identify cases where the right resource does not execute the right activity.

Actual Result:

The conformance score is always 1, even when the activity-resource tuple is not covered by the model.

Additional Information:

I have searched through the pm4py documentation and repository, but could not find any answer, function, or parameter to my question.

[fit-alessandro-berti]

Dear @philipempl

Unfortunately the problem of resource-based conformance checking is significantly different from control-flow based conformance checking.

Based on some ideas for a lab project in an university, I can recommend you to:

• Use declarative models (like the log skeleton and the temporal profile) rather than traditional procedural models. These models should take into account the resource perspective.
• Perform anomaly detection after one-hot encoding the combination of activity and resource
• Use SNA metrics (roles, handover of work, working together, similar activities) to highlight outlier behavior
• Use advanced metrics (resource profiles, batching, orgmining 2.0 ...) as described in the documentation of pm4py.

Cheers

[philipempl]

Hello @fit-alessandro-berti,

thank you very much for your input on resource-based conformance testing. Your ideas are very interesting, and I appreciate your suggestions on approaching this problem. I will definitely consider using declarative models, anomaly detection, and using SNA metrics and extended metrics as you suggested.

Of course, I will also cite the research paper behind this great Github repository. Kudos for this work.

Cheers

[roy-jingyang]

Hello @fit-alessandro-berti,

thank you very much for your input on resource-based conformance testing. Your ideas are very interesting, and I appreciate your suggestions on approaching this problem. I will definitely consider using declarative models, anomaly detection, and using SNA metrics and extended metrics as you suggested.

Of course, I will also cite the research paper behind this great Github repository. Kudos for this work.

Cheers

Hello @philipempl

I was one of the authors of the orgmining 2.0 paper and saw this thread by chance when checking the recent pm4py updates.

Our work on orgmining 2.0 has a published version (doi), in which we propose a new form of organizational models that allow evaluation of org. models vs. logs, paving the road to conformance checking. In that work we have not considered ordering of events due to our focus on organizational grouping.

There is some other relevant work built on control-flow models that are resource aware, which might be useful: De Leoni et al., Mannhardt et al.

Cheers

[fit-alessandro-berti]

Dear @roy-jingyang

We also implemented your approach (OrgMining 2.0) in pm4py. See: https://pm4py.fit.fraunhofer.de/documentation#item-11-8

Cheers, Alessandro