Control-flow Reconstruction Attacks on Business Process Models

Henrik Kirchmann, Stephan A. Fahrenkrog-Petersen, Felix Mannhardt, Matthias Weidlich

TL;DR

This work proposes different play-out strategies that reconstruct the control-flow from process trees, potentially exploiting frequency annotations, and compares the reconstructed process executions with those of the original log for several real-world datasets.

Abstract

Process models may be automatically generated from event logs that contain as-is data of a business process. While such models generalize over the control-flow of specific, recorded process executions, they are often also annotated with behavioural statistics, such as execution frequencies. Based thereon, once a model is published, certain insights about the original process executions may be reconstructed, so that an external party may extract confidential information about the business process. This work is the first to empirically investigate such reconstruction attempts based on process models. To this end, we propose different play-out strategies that reconstruct the control-flow from process trees, potentially exploiting frequency annotations. To assess the potential success of such reconstruction attacks on process models, and hence the risks imposed by publishing them, we compare the reconstructed process executions with those of the original log for several real-world datasets.

Paper Structure (12 sections, 1 equation, 5 figures, 3 tables)

This paper contains 12 sections, 1 equation, 5 figures, 3 tables.

Figures (5)

  • Figure 1: (a) A log of patient treatments and three process models for it: (b) a 'flower model' describing any set of traces; (c) a 'trace model' enumerating all traces; (d) a model offering some generalization, potentially annotated with frequencies.
  • Figure 2: Visualization of the process tree $Q = \to(\wedge(a, \times(b, c)), \circlearrowleft(d, \tau))$.
  • Figure 3: The three common scenarios in which a model discovered from log $L = [\langle a, b, d \rangle, \langle a, c, d \rangle, \langle c, a, d, d, d, d, d \rangle^2, \langle b, a, d, d, d \rangle]$ can be released.
  • Figure 4: The distribution of the average trace length when playing out 100 traces using each play-out strategy from $\circlearrowleft(a{:}10000, \tau{:}9000){:}1000$, along with the distribution of the original log $L = [\langle a,a,a,a,a,a,a,a,a,a \rangle^{1000}]$.
  • Figure 5: The trace length distributions for the BPIC 2017 log.

Theorems & Definitions (5)

  • Definition: Process Tree
  • Definition: Auxiliary Operators
  • Definition: Language of a Process Tree
  • Definition
  • Definition: Normalized histogram intersection (NHI) size
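
To gauge how much control flow a published tree gives away even without frequency annotations, the following added example (not code from the paper) enumerates the language of the Figure 2 tree $Q$ with a bound on loop repetitions and checks how many trace variants of the Figure 3 log it recovers. Pairing $Q$ with that log, the tuple encoding, the `max_redo` bound and the coverage measure are assumptions made here; they are not the paper's play-out strategies or its NHI measure.

```python
# Process tree Q from Figure 2 as nested tuples (operator, child, ...).
# Encoding is an assumption of this example; "tau" is the silent activity.
Q = ("seq", ("and", "a", ("xor", "b", "c")), ("loop", "d", "tau"))

# Log L from Figure 3 as trace variant -> frequency.
L = {
    ("a", "b", "d"): 1,
    ("a", "c", "d"): 1,
    ("c", "a", "d", "d", "d", "d", "d"): 2,
    ("b", "a", "d", "d", "d"): 1,
}

def shuffle(s, t):
    """All interleavings of two traces that keep each trace's own order."""
    if not s or not t:
        return {s + t}
    return ({s[:1] + r for r in shuffle(s[1:], t)}
            | {t[:1] + r for r in shuffle(s, t[1:])})

def language(tree, max_redo):
    """Traces the tree can produce when each loop is redone at most max_redo times."""
    if isinstance(tree, str):
        return {()} if tree == "tau" else {(tree,)}
    op, *children = tree
    langs = [language(c, max_redo) for c in children]
    if op == "xor":                       # exclusive choice: union of the branches
        return set().union(*langs)
    if op == "loop":                      # do, then (redo, do) repeated
        do, redo = langs
        out, frontier = set(do), set(do)
        for _ in range(max_redo):
            frontier = {x + r + d for x in frontier for r in redo for d in do}
            out |= frontier
        return out
    # "seq" concatenates the children, "and" interleaves them
    combine = (lambda s, t: {s + t}) if op == "seq" else shuffle
    acc = {()}
    for lang in langs:
        acc = {u for s in acc for t in lang for u in combine(s, t)}
    return acc

def variant_coverage(tree, log, max_redo):
    """Fraction of the log's distinct trace variants reproduced by the play-out."""
    return len(language(tree, max_redo) & set(log)) / len(log)
```

Raising `max_redo` from 0 to 4 moves the coverage of the four log variants from 0.5 to 1.0, while the enumerated language grows to 20 traces, most of which never occurred in the log.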