The use of Local API(Anomaly Process Instances) Detection for Analyzing Container Terminal Event

  • Jeon, Daeuk (Pusan National University, Industrial Engineering)
  • Bae, Hyerim (Pusan National University, Industrial Engineering)
  • Received : 2015.08.07
  • Accepted : 2015.09.09
  • Published : 2015.11.30

Abstract

Information systems have been developed and used in various business areas, so abundant history data (log data) have been stored, and it has become necessary to analyze those log data. Previous studies have focused on discovering relationships between events and have not identified anomaly instances. Previously, anomaly instances were treated as noise and simply ignored. However, such anomaly instances can occur repeatedly. Hence, a new methodology to detect anomaly instances is needed. In this paper, we propose LAPID (Local Anomaly Process Instance Detection), a methodology for discriminating anomalous process instances from log data. We specify a distance metric based on the activity relation matrix of each instance and use it to detect APIs (Anomaly Process Instances). To verify the suggested methodology, we discovered characteristics of exceptional situations from log data. To demonstrate the proposed methodology, we performed an experiment on real data from a domestic port terminal.

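As systems have diversified, the need has arisen to analyze the stored logs in diverse ways as well. This growing need for log data analysis calls for deriving process models from logs of events that occur in time order and for contributing to activities that improve the system. Previously, research that analyzed logs at the level of individual events and identified the relationships among attributes was active. In this paper, we propose LAPID (Local Anomaly Process Instance Detection) as a method for identifying exceptional process instances using log data. LAPID searches for APIs (Anomaly Process Instances) using distance values calculated with the activity relation matrix. To verify the usefulness of the proposed method, we derived the characteristics of process executions in exceptional situations from log data containing traces of container movements that occur in port logistics. To this end, we conducted a case study using event logs generated at an actual domestic port.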
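An added illustration of the idea in the abstract, not the authors' LAPID implementation: each trace becomes an activity relation matrix, pairwise distances are computed, and a trace is flagged when it lies much farther from its nearest neighbours than they lie from theirs. The directly-follows matrix, the L1 distance, the add-one smoothed k-NN ratio, the threshold and the sample traces are all assumptions made for this example.

```python
from collections import Counter

# Constructed sample traces; the activity names are hypothetical.
DIRECT = ["gate_in", "yard_stack", "crane_load", "vessel_depart"]
MOVED = ["gate_in", "yard_stack", "yard_move", "crane_load", "vessel_depart"]
TRACES = {
    "c1": DIRECT, "c2": DIRECT, "c5": DIRECT,
    "c3": MOVED, "c4": MOVED,
    # Unusual ordering: loaded before gate-in, then bounces between yard and gate.
    "c6": ["crane_load", "yard_stack", "gate_in", "yard_stack", "gate_in"],
}

def relation_matrix(trace):
    """Sparse activity relation matrix: (a, b) -> times b directly follows a."""
    return Counter(zip(trace, trace[1:]))

def distance(m1, m2):
    """Entrywise L1 distance between two sparse matrices (assumed metric)."""
    return sum(abs(m1[key] - m2[key]) for key in set(m1) | set(m2))

def knn(case, mats, k):
    """The k nearest other cases as (distance, case_id), nearest first."""
    ranked = sorted((distance(mats[case], mats[o]), o) for o in mats if o != case)
    return ranked[:k]

def local_scores(traces, k=2):
    """Mean k-NN distance of a case relative to that of its neighbours.

    Add-one smoothing keeps the ratio finite for groups of identical traces,
    whose mutual distance is 0. A score near 1 means the case is as tightly
    packed as its neighbourhood; a large score means it is locally isolated.
    """
    mats = {c: relation_matrix(t) for c, t in traces.items()}
    mean_d = {c: sum(d for d, _ in knn(c, mats, k)) / k for c in mats}
    scores = {}
    for c in mats:
        neighbours = [o for _, o in knn(c, mats, k)]
        reference = sum(mean_d[o] for o in neighbours) / k
        scores[c] = (mean_d[c] + 1) / (reference + 1)
    return scores

def detect(traces, k=2, threshold=2.0):
    """Case ids whose local score exceeds the (assumed) threshold."""
    return sorted(c for c, s in local_scores(traces, k).items() if s > threshold)

if __name__ == "__main__":
    print(local_scores(TRACES))
    print("anomalous process instances:", detect(TRACES))
```

The less frequent but legitimate variant with `yard_move` scores above 1 yet stays under the threshold, which is the point of scoring against the local neighbourhood rather than against the single most common trace.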
