• Title/Summary/Keyword: Event Logs


BPAF2.0: Extended Business Process Analytics Format for Mining Process-driven Social Networks (BPAF2.0: 프로세스기반 소셜 네트워크 마이닝을 위한 비즈니스 프로세스 분석로그 포맷의 확장 표준)

  • Jeon, Myung-Hoon;Ahn, Hyun;Kim, Kwang-Hoon
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.12B / pp.1509-1521 / 2011
  • WfMC, one of the international standardization organizations leading business process and workflow technologies, has officially released BPAF1.0, a standard format for recording process instances' event logs, as business process intelligence mining technologies have recently become an issue in the business process and workflow literature. Business process mining technologies consist of two groups of algorithms and analysis techniques: one rediscovers flow-oriented process intelligence, such as control-flow, data-flow, role-flow, and actor-flow intelligence, from process instances' event logs, and the other rediscovers relation-oriented process intelligence, such as process-driven social networks and process-driven affiliation networks, from the same event logs. The current standardized format, BPAF1.0, aims only at supporting control-flow-oriented process-intelligence mining techniques, and so it is unable to properly support relation-oriented process-intelligence mining techniques. Therefore, this paper extends BPAF1.0 so as to reasonably support relation-oriented process-intelligence mining techniques, and the extended BPAF is termed BPAF2.0. In particular, we plan to standardize the extended BPAF2.0 not only as a national standard specification through the e-Business project group of TTA, but also as an international standard specification of WfMC.
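The relation-oriented mining that the abstract says BPAF1.0 cannot support needs one extra attribute per event: who performed it. The following is an added example, not BPAF2.0 itself or the authors' code. It mines a handover-of-work network (the process-driven social network) and an actor-activity affiliation network from a constructed event log of (process instance, activity, performer) triples; the instance ids, activity names and performer names are invented for the illustration.

```python
"""Mine a process-driven social network (handover of work) from an event log.

Added example, not part of BPAF or the paper. The log below is constructed:
each event carries the performer attribute that relation-oriented mining
needs and that a purely control-flow oriented log format does not record.
"""
from collections import defaultdict

# Constructed event log: (process instance id, activity, performer), listed
# in execution order within each instance.
EVENTS = [
    ("c1", "Receive", "alice"), ("c1", "Check", "bob"),  ("c1", "Approve", "carol"),
    ("c2", "Receive", "alice"), ("c2", "Check", "bob"),  ("c2", "Reject", "bob"),
    ("c3", "Receive", "dave"),  ("c3", "Check", "bob"),  ("c3", "Approve", "carol"),
    ("c4", "Receive", "alice"), ("c4", "Check", "erin"), ("c4", "Approve", "carol"),
]


def handover_matrix(events):
    """Count how often work passes from one performer to the next in a case.

    Consecutive activities by the same actor are not a handover and are
    skipped; the result is the weighted, directed edge list of the network.
    """
    by_case = defaultdict(list)
    for case, _activity, actor in events:
        by_case[case].append(actor)
    edges = defaultdict(int)
    for actors in by_case.values():
        for src, dst in zip(actors, actors[1:]):
            if src != dst:
                edges[(src, dst)] += 1
    return dict(edges)


def affiliation_matrix(events):
    """Actor x activity counts: the process-driven affiliation network."""
    aff = defaultdict(int)
    for _case, activity, actor in events:
        aff[(actor, activity)] += 1
    return dict(aff)


def degree_centrality(edges):
    """Weighted (out-degree, in-degree) per actor: who hands work on, who
    receives it. A high in-degree with low out-degree marks a sink such as
    a final approver."""
    out_deg, in_deg = defaultdict(int), defaultdict(int)
    for (src, dst), weight in edges.items():
        out_deg[src] += weight
        in_deg[dst] += weight
    actors = set(out_deg) | set(in_deg)
    return {a: (out_deg[a], in_deg[a]) for a in sorted(actors)}


if __name__ == "__main__":
    edges = handover_matrix(EVENTS)
    for (src, dst), weight in sorted(edges.items(), key=lambda kv: -kv[1]):
        print(f"{src:>6} -> {dst:<6} {weight}")
    print(degree_centrality(edges))
```

Note that the c2 instance, where bob both checks and rejects, contributes no bob-to-bob edge; that is the one modelling decision that distinguishes a handover network from a plain activity-transition count.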

Study on Windows Event Log-Based Corporate Security Audit and Malware Detection (윈도우 이벤트 로그 기반 기업 보안 감사 및 악성코드 행위 탐지 연구)

  • Kang, Serim;Kim, Soram;Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.591-603 / 2018
  • Windows Event Log is the format in which the Windows operating system records system logs and methodically manages information about system operation. An event can be caused by the system itself or by a user's specific actions, and some event logs can be used for corporate security audits, malware detection, and so on. In this paper, we choose actions related to corporate security audit and malware detection (external storage connection, application installation, shared folder usage, printer usage, remote connection/disconnection, file/registry manipulation, process creation, DNS query, Windows service, PC startup/shutdown, log on/off, power saving mode, network connection/disconnection, event log deletion, and system time change) that can be detected through event log analysis, and classify the event IDs that occur in each situation. Also, existing event log tools only include functions related to EVTX file parsing, which makes it difficult to track a user's behavior in a forensic investigation. So in this study we implemented a new analysis tool that parses EVTX files and tracks user behaviors.
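What the classification step looks like once the EVTX records are parsed, as an added example rather than the paper's tool: a channel-and-event-ID table covering several of the categories listed above, a per-user timeline, and one correlation a forensic examiner cares about, a log clear shortly after a system time change. The event IDs used are the standard Windows ones for those channels; the records themselves are constructed, and the field names (`ts`, `channel`, `id`, `user`, `image`) are an assumed shape for whatever EVTX parser produced them.

```python
"""Classify parsed Windows event records into audit/malware-behaviour
categories and flag anti-forensic sequences.

Added example, not the paper's tool. Input is a list of already-parsed
records (the shape an EVTX parser might yield; field names are assumed);
the records below are constructed. IDs not in the table are reported as
unclassified rather than guessed.
"""
from collections import defaultdict
from datetime import datetime

# (channel, event id) -> behaviour category from the paper's list.
EVENT_CATEGORIES = {
    ("Security", 4624): "Log on",
    ("Security", 4634): "Log off",
    ("Security", 4688): "Process creation",
    ("Security", 4697): "Windows service installed",
    ("System", 7045): "Windows service installed",
    ("Security", 4616): "System time change",
    ("Security", 1102): "Event log deletion (Security log cleared)",
    ("System", 104): "Event log deletion (System log cleared)",
    ("System", 6005): "PC startup (event log service started)",
    ("System", 6006): "PC shutdown (event log service stopped)",
    ("Security", 5140): "Shared folder usage",
    ("Security", 6416): "External storage/device connection",
}

# Constructed records with the minimal fields the functions below read.
RECORDS = [
    {"ts": "2024-03-01T09:00:00", "channel": "System",   "id": 6005, "user": "SYSTEM"},
    {"ts": "2024-03-01T09:01:10", "channel": "Security", "id": 4624, "user": "corp\\jdoe", "logon_type": 2},
    {"ts": "2024-03-01T09:05:00", "channel": "Security", "id": 4688, "user": "corp\\jdoe",
     "image": "C:\\Windows\\System32\\cmd.exe"},
    {"ts": "2024-03-01T09:05:03", "channel": "Security", "id": 4688, "user": "corp\\jdoe",
     "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svch0st.exe"},
    {"ts": "2024-03-01T09:05:10", "channel": "System",   "id": 7045, "user": "SYSTEM", "service": "UpdaterSvc"},
    {"ts": "2024-03-01T09:06:00", "channel": "Security", "id": 4616, "user": "corp\\jdoe"},
    {"ts": "2024-03-01T09:06:05", "channel": "Security", "id": 1102, "user": "corp\\jdoe"},
    {"ts": "2024-03-01T17:30:00", "channel": "Security", "id": 4634, "user": "corp\\jdoe"},
    {"ts": "2024-03-01T17:31:00", "channel": "Security", "id": 9999, "user": "SYSTEM"},
]

LOG_CLEAR_IDS = {("Security", 1102), ("System", 104)}
TIME_CHANGE_ID = ("Security", 4616)


def classify(records):
    """Attach a category to every record; unknown IDs are labelled, not dropped."""
    return [{**r, "category": EVENT_CATEGORIES.get((r["channel"], r["id"]), "Unclassified")}
            for r in records]


def timeline_by_user(records):
    """Group classified events per account so one user's behaviour can be
    followed across channels, which raw per-file EVTX parsing does not give."""
    timeline = defaultdict(list)
    for r in classify(records):
        timeline[r["user"]].append((r["ts"], r["category"]))
    return {user: sorted(events) for user, events in timeline.items()}


def anti_forensics_alerts(records, window_s=600):
    """Flag a log clear (1102 or 104) within `window_s` seconds after a system
    time change (4616). Either event alone is noisy; the pair is a classic
    timestamp-tamper-then-wipe sequence. Returns (change_ts, clear_ts, user)."""
    parse = datetime.fromisoformat
    changes = [r for r in records if (r["channel"], r["id"]) == TIME_CHANGE_ID]
    alerts = []
    for clear in records:
        if (clear["channel"], clear["id"]) not in LOG_CLEAR_IDS:
            continue
        for change in changes:
            delta = (parse(clear["ts"]) - parse(change["ts"])).total_seconds()
            if 0 <= delta <= window_s:
                alerts.append((change["ts"], clear["ts"], clear["user"]))
    return alerts


if __name__ == "__main__":
    for user, events in timeline_by_user(RECORDS).items():
        print(user)
        for ts, category in events:
            print(f"  {ts}  {category}")
    print("anti-forensics:", anti_forensics_alerts(RECORDS))
```

Note that 1102 is itself evidence that earlier Security events are gone; the timeline for the account therefore has to be rebuilt from other channels (System, PowerShell, Sysmon where deployed), which is why the table keys on channel as well as ID.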

A Study on Data Pre-filtering Methods for Fault Diagnosis (시스템 결함원인분석을 위한 데이터 로그 전처리 기법 연구)

  • Lee, Yang-Ji;Kim, Duck-Young;Hwang, Min-Soon;Cheong, Young-Soo
    • Korean Journal of Computational Design and Engineering / v.17 no.2 / pp.97-110 / 2012
  • High performance sensors and modern data logging technology with real-time telemetry facilitate system fault diagnosis in a very precise manner. Fault detection, isolation and identification in fault diagnosis systems are typical steps to analyze the root cause of failures. This systematic failure analysis provides not only useful clues to rectify the abnormal behaviors of a system, but also key information to redesign the current system for retrofit. The main barriers to effective failure analysis are: (i) the gathered data (event) logs are too large in general, and further (ii) they usually contain noise and redundant data that make precise analysis difficult. This paper therefore applies suitable pre-processing techniques to data reduction and feature extraction, and then converts the reduced data log into a new format of event sequence information. Finally the event sequence information is decoded to investigate the correlation between specific event patterns and various system faults. The efficiency of the developed pre-filtering procedure is examined with a terminal box data log of a marine diesel engine.

An Event-Driven Failure Analysis System for Real-Time Prognosis (실시간 고장 예방을 위한 이벤트 기반 결함원인분석 시스템)

  • Lee, Yang Ji;Kim, Duck Young;Hwang, Min Soon;Cheong, Young Soo
    • Korean Journal of Computational Design and Engineering / v.18 no.4 / pp.250-257 / 2013
  • This paper introduces a failure analysis procedure that underpins real-time fault prognosis. In a previous study, we developed a systematic eventization procedure that makes it possible to reduce the original data size to a manageable one in the form of event logs, and eventually to extract failure patterns efficiently from the reduced data. Failure patterns are then extracted in the form of event sequences by sequence-mining algorithms (e.g., the FP-Tree algorithm). Extracted patterns are stored in a failure pattern library, and eventually we use the stored failure pattern information to predict potential failures. Two practical case studies (a marine diesel engine and a SIRIUS-II car engine) provide empirical support for the performance of the proposed failure analysis procedure. This procedure can be easily extended to wide application fields of failure analysis such as vehicle and machine diagnostics. Furthermore, it can be applied to human health monitoring and prognosis, so that human body signals could be efficiently analyzed.
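The two steps this abstract and the preceding one describe, reducing a dense data log to an event sequence and then mining the event sequences that precede faults, carried through on a small constructed telemetry log. This is an added example, not the authors' eventization procedure or their engine data: the sensor readings, the thresholds and the fault marker are invented, and a simple n-gram count stands in for the FP-Tree miner.

```python
"""Eventize a raw sensor log and mine the event sequences that precede faults.

Added example, not the authors' procedure or dataset. Step 1 reduces dense
numeric samples to discrete events by emitting only state changes against
thresholds; step 2 counts which n-grams of events immediately precede a
fault, which is the failure-pattern library a prognosis step matches the
live stream against. All readings and thresholds below are constructed.
"""
from collections import Counter

# Constructed telemetry: (t, temperature in C, pressure in bar, fault flag).
RAW = [
    (0, 70, 2.0, 0), (1, 71, 2.0, 0), (2, 72, 2.1, 0), (3, 88, 2.1, 0),
    (4, 89, 2.0, 0), (5, 90, 1.2, 0), (6, 91, 1.1, 1), (7, 75, 2.0, 0),
    (8, 74, 2.0, 0), (9, 87, 2.0, 0), (10, 88, 1.3, 0), (11, 89, 1.2, 1),
    (12, 72, 2.0, 0), (13, 71, 1.2, 0), (14, 72, 2.0, 0), (15, 73, 2.0, 0),
]

TEMP_HIGH = 85.0   # constructed threshold
PRESS_LOW = 1.5    # constructed threshold


def state(temp, press):
    """Map one raw reading to a discrete (temperature state, pressure state)."""
    return ("T_HIGH" if temp > TEMP_HIGH else "T_OK",
            "P_LOW" if press < PRESS_LOW else "P_OK")


def eventize(rows):
    """Emit an event only when a state changes or a fault is recorded.

    This is the data reduction: jitter inside a band produces no events, so
    the 16 samples above collapse to a short list of (t, event name).
    """
    events, prev = [], None
    for t, temp, press, fault in rows:
        cur = state(temp, press)
        if prev is None:
            events.extend((t, s) for s in cur)          # initial state
        else:
            events.extend((t, new) for old, new in zip(prev, cur) if old != new)
        if fault:
            events.append((t, "FAULT"))
        prev = cur
    return events


def pre_fault_sequences(events, n=2):
    """Count the n event names immediately preceding each FAULT marker.

    Frequent sequences form the failure-pattern library. A window that
    itself contains a FAULT is skipped so back-to-back faults do not
    pollute the patterns.
    """
    names = [name for _t, name in events]
    counts = Counter()
    for i, name in enumerate(names):
        if name == "FAULT" and i >= n:
            window = tuple(names[i - n:i])
            if "FAULT" not in window:
                counts[window] += 1
    return counts


def predict(events, library, n=2):
    """True if the most recent n non-fault events match a library pattern."""
    names = [name for _t, name in events if name != "FAULT"]
    return tuple(names[-n:]) in library


if __name__ == "__main__":
    evts = eventize(RAW)
    print(len(RAW), "samples ->", len(evts), "events")
    lib = pre_fault_sequences(evts)
    print("pre-fault patterns:", dict(lib))
    print("alarm at t=10:", predict(eventize(RAW[:11]), lib))
    print("alarm at t=15:", predict(evts, lib))
```

Replaying the log only up to t=10 matches the learned pattern (high temperature followed by low pressure) before the fault at t=11 is recorded, while the isolated pressure dip at t=13 does not raise an alarm; that asymmetry is what separates a sequence pattern from a single-threshold alert.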

Event Log Analysis Framework Based on the ATT&CK Matrix in Cloud Environments (클라우드 환경에서의 ATT&CK 매트릭스 기반 이벤트 로그 분석 프레임워크)

  • Yeeun Kim;Junga Kim;Siyun Chae;Jiwon Hong;Seongmin Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.263-279 / 2024
  • With the increasing trend of cloud migration, security threats in the cloud computing environment have also increased significantly. Consequently, the importance of efficient incident investigation through log data analysis is being emphasized. In cloud environments, the diversity of services and the ease of resource creation generate a large volume of log data. Difficulties remain in determining which events to investigate when an incident occurs, and examining all of the extensive log data requires considerable time and effort. Therefore, a systematic approach for efficient data investigation is necessary. CloudTrail, the Amazon Web Services (AWS) logging service, collects logs of all API call events occurring in an account. However, CloudTrail lacks insights into which logs to analyze in the event of an incident. This paper proposes an automated analysis framework that integrates the ATT&CK Cloud Matrix and event information for efficient incident investigation. The framework enables simultaneous examination of user behavior log events, event frequency, and attack information. We believe the proposed framework contributes to cloud incident investigations by efficiently identifying critical events based on the ATT&CK Framework.
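The three inputs the abstract names (user behaviour events, event frequency, attack information) combined into one ranking, as an added example rather than the paper's framework. It reads CloudTrail-style JSON records, maps `eventName` to an ATT&CK technique, and ranks events by tactic weight divided by how often that API name occurs in the trail, so an account's own routine calls sink to the bottom. The technique IDs are real ATT&CK identifiers, but which API names fall under each, the tactic weights, and the records themselves are the editor's illustrative choices, not an authoritative mapping or real trail data.

```python
"""Prioritise CloudTrail events for investigation by ATT&CK technique and rarity.

Added example, not the paper's framework. ATTACK_MAP is an illustrative
subset: the technique IDs are real ATT&CK IDs, but assigning API names to
them is a judgement call. TACTIC_WEIGHT is an assumed ordering. The trail
below is constructed with only the fields the code reads.
"""
import json
from collections import Counter

ATTACK_MAP = {  # eventName -> (technique id, technique name, tactic)
    "ConsoleLogin":      ("T1078.004", "Valid Accounts: Cloud Accounts", "Initial Access"),
    "CreateUser":        ("T1136.003", "Create Account: Cloud Account", "Persistence"),
    "CreateAccessKey":   ("T1098.001", "Account Manipulation: Additional Cloud Credentials", "Persistence"),
    "StopLogging":       ("T1562.008", "Impair Defenses: Disable or Modify Cloud Logs", "Defense Evasion"),
    "DeleteTrail":       ("T1562.008", "Impair Defenses: Disable or Modify Cloud Logs", "Defense Evasion"),
    "ListBuckets":       ("T1580", "Cloud Infrastructure Discovery", "Discovery"),
    "DescribeInstances": ("T1580", "Cloud Infrastructure Discovery", "Discovery"),
    "GetObject":         ("T1530", "Data from Cloud Storage", "Collection"),
}
TACTIC_WEIGHT = {"Defense Evasion": 3, "Persistence": 3, "Initial Access": 2,
                 "Collection": 2, "Discovery": 1}


def _rec(time, name, user, ip):
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}}

# Constructed trail, serialised as JSON lines the way an exported trail would be.
TRAIL = [json.dumps(r) for r in [
    _rec("2024-05-02T08:00:01Z", "ConsoleLogin", "ops", "203.0.113.10"),
    _rec("2024-05-02T08:02:00Z", "DescribeInstances", "ops", "203.0.113.10"),
    _rec("2024-05-02T08:02:05Z", "DescribeInstances", "ops", "203.0.113.10"),
    _rec("2024-05-02T08:02:10Z", "DescribeInstances", "ops", "203.0.113.10"),
    _rec("2024-05-02T08:10:00Z", "GetObject", "ops", "203.0.113.10"),
    _rec("2024-05-02T08:10:30Z", "GetObject", "ops", "203.0.113.10"),
    _rec("2024-05-02T08:15:00Z", "PutMetricData", "ops", "203.0.113.10"),
    _rec("2024-05-02T22:41:00Z", "ConsoleLogin", "svc-backup", "198.51.100.7"),
    _rec("2024-05-02T22:42:00Z", "ListBuckets", "svc-backup", "198.51.100.7"),
    _rec("2024-05-02T22:43:00Z", "CreateAccessKey", "svc-backup", "198.51.100.7"),
    _rec("2024-05-02T22:44:00Z", "StopLogging", "svc-backup", "198.51.100.7"),
]]


def parse_trail(lines):
    return [json.loads(line) for line in lines]


def enrich(records):
    """Attach principal and ATT&CK technique/tactic to each record."""
    out = []
    for r in records:
        tech = ATTACK_MAP.get(r["eventName"])
        arn = r.get("userIdentity", {}).get("arn", "unknown")
        out.append({"time": r["eventTime"], "event": r["eventName"],
                    "principal": arn.rsplit("/", 1)[-1],
                    "technique": tech[0] if tech else None,
                    "tactic": tech[2] if tech else None})
    return out


def technique_frequency(records):
    """How many events landed on each technique; unmapped ones are kept visible."""
    return Counter(e["technique"] or "unmapped" for e in enrich(records))


def prioritize(records):
    """Rank mapped events: high-impact tactic first, rare API names first.

    The frequency baseline is the trail itself, so three DescribeInstances
    calls score 1/3 each while a single StopLogging scores 3. Returns
    (eventName, technique, principal) in investigation order.
    """
    events = enrich(records)
    name_count = Counter(e["event"] for e in events)
    scored = [(TACTIC_WEIGHT[e["tactic"]] / name_count[e["event"]], e["time"],
               e["event"], e["technique"], e["principal"])
              for e in events if e["technique"]]
    scored.sort(key=lambda s: (-s[0], s[1]))
    return [(name, tech, who) for _score, _time, name, tech, who in scored]


if __name__ == "__main__":
    recs = parse_trail(TRAIL)
    print(technique_frequency(recs))
    for row in prioritize(recs):
        print(row)
```

Two caveats a practitioner would add: StopLogging and DeleteTrail are worth alerting on regardless of frequency, since after them the trail stops being a reliable baseline, and "unmapped" should be reviewed periodically rather than treated as benign, because the mapping table is only as good as its coverage.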

Disjunctive Process Patterns Refinement and Probability Extraction from Workflow Logs

  • Kim, Kyoungsook;Ham, Seonghun;Ahn, Hyun;Kim, Kwanghoon Pio
    • Journal of Internet Computing and Services / v.20 no.3 / pp.85-92 / 2019
  • In this paper, we extract the quantitative relation data of activities from a workflow event log file recorded in the XES standard format and connect them to rediscover the workflow process model, then extract the workflow process patterns and their proportions from the rediscovered model. There are four types of control-flow elements to consider when extracting workflow process patterns and proportions from log files: linear (sequential) routing, disjunctive (selective) routing, conjunctive (parallel) routing, and iterative routing patterns. In this paper, we focus on two of these, disjunctive routing and conjunctive routing. A framework implemented by the authors' research group extracts and arranges the activity data from the log and converts the repetition of duplicate relationships into a quantitative value. Also, for accurate analysis, since a parallel process is recorded in the log file based on execution time, algorithms for finding and eliminating the resulting information distortion are designed and implemented. With these refined data, we rediscover the workflow process model following the relationships between the activities. This series of experiments is conducted using the Large Bank Transaction Process Model provided by 4TU, and the experiment process and results are visualized.
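The mechanics behind the abstract, as an added example that is not the authors' framework or the 4TU dataset: parse a small constructed XES log with the standard library, order each trace by `time:timestamp`, count directly-follows relations, and turn each activity's successors into disjunctive branch proportions. The distortion the abstract mentions, parallel activities that a time-ordered log serialises in either order, is handled by reporting successors observed in both orders as conjunctive candidates instead of as a choice. Activity names, case ids and timestamps are invented.

```python
"""Rediscover disjunctive and conjunctive routing, with branch probabilities,
from an XES event log.

Added example, not the authors' framework. The XES document is constructed
and deliberately lists one trace's events out of time order, since XES does
not guarantee document order equals execution order.
"""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

XES = """<log xes.version="1.0" xmlns="http://www.xes-standard.org/">
 <trace><string key="concept:name" value="c1"/>
  <event><string key="concept:name" value="Register"/><date key="time:timestamp" value="2019-01-01T09:00:00+00:00"/></event>
  <event><string key="concept:name" value="Check"/><date key="time:timestamp" value="2019-01-01T09:10:00+00:00"/></event>
  <event><string key="concept:name" value="Approve"/><date key="time:timestamp" value="2019-01-01T09:30:00+00:00"/></event>
  <event><string key="concept:name" value="Notify"/><date key="time:timestamp" value="2019-01-01T09:40:00+00:00"/></event>
  <event><string key="concept:name" value="Archive"/><date key="time:timestamp" value="2019-01-01T09:50:00+00:00"/></event>
 </trace>
 <trace><string key="concept:name" value="c2"/>
  <event><string key="concept:name" value="Register"/><date key="time:timestamp" value="2019-01-02T09:00:00+00:00"/></event>
  <event><string key="concept:name" value="Check"/><date key="time:timestamp" value="2019-01-02T09:10:00+00:00"/></event>
  <event><string key="concept:name" value="Reject"/><date key="time:timestamp" value="2019-01-02T09:30:00+00:00"/></event>
  <event><string key="concept:name" value="Notify"/><date key="time:timestamp" value="2019-01-02T09:40:00+00:00"/></event>
 </trace>
 <trace><string key="concept:name" value="c3"/>
  <event><string key="concept:name" value="Register"/><date key="time:timestamp" value="2019-01-03T09:00:00+00:00"/></event>
  <event><string key="concept:name" value="Check"/><date key="time:timestamp" value="2019-01-03T09:10:00+00:00"/></event>
  <event><string key="concept:name" value="Approve"/><date key="time:timestamp" value="2019-01-03T09:30:00+00:00"/></event>
  <event><string key="concept:name" value="Archive"/><date key="time:timestamp" value="2019-01-03T09:40:00+00:00"/></event>
  <event><string key="concept:name" value="Notify"/><date key="time:timestamp" value="2019-01-03T09:50:00+00:00"/></event>
 </trace>
 <trace><string key="concept:name" value="c4"/>
  <event><string key="concept:name" value="Register"/><date key="time:timestamp" value="2019-01-04T09:00:00+00:00"/></event>
  <event><string key="concept:name" value="Check"/><date key="time:timestamp" value="2019-01-04T09:10:00+00:00"/></event>
  <event><string key="concept:name" value="Notify"/><date key="time:timestamp" value="2019-01-04T09:40:00+00:00"/></event>
  <event><string key="concept:name" value="Approve"/><date key="time:timestamp" value="2019-01-04T09:30:00+00:00"/></event>
  <event><string key="concept:name" value="Archive"/><date key="time:timestamp" value="2019-01-04T09:50:00+00:00"/></event>
 </trace>
</log>"""


def _local(tag):
    """Strip the XES namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_xes(text):
    """Return {case id: [activity, ...]} with events sorted by time:timestamp."""
    cases = {}
    for trace in ET.fromstring(text):
        if _local(trace.tag) != "trace":
            continue
        case_id, events = None, []
        for child in trace:
            if _local(child.tag) == "string" and child.get("key") == "concept:name":
                case_id = child.get("value")
            elif _local(child.tag) == "event":
                attrs = {a.get("key"): a.get("value") for a in child}
                events.append((attrs["time:timestamp"], attrs["concept:name"]))
        events.sort()  # ISO-8601 with a fixed offset sorts lexicographically
        cases[case_id] = [activity for _ts, activity in events]
    return cases


def directly_follows(cases):
    """Count a > b: how often b immediately follows a within a case."""
    return Counter((a, b) for acts in cases.values() for a, b in zip(acts, acts[1:]))


def branch_probabilities(df):
    """For each activity, the observed proportion of each direct successor."""
    succ = defaultdict(Counter)
    for (a, b), n in df.items():
        succ[a][b] += n
    return {a: {b: n / sum(c.values()) for b, n in c.items()} for a, c in succ.items()}


def classify_successors(df):
    """Split successors into a disjunctive (XOR) choice with proportions and a
    conjunctive (AND) set: two successors seen in both orders are parallel
    activities serialised by timestamp, not a branch to assign a probability."""
    result = {}
    for a, succ in branch_probabilities(df).items():
        names, parallel = sorted(succ), set()
        for i, b in enumerate(names):
            for c in names[i + 1:]:
                if df[(b, c)] and df[(c, b)]:
                    parallel |= {b, c}
        result[a] = {"xor": {b: p for b, p in succ.items() if b not in parallel},
                     "and": sorted(parallel)}
    return result


if __name__ == "__main__":
    cases = parse_xes(XES)
    df = directly_follows(cases)
    for activity, routing in classify_successors(df).items():
        print(activity, routing)
```

On this log, Check is a genuine disjunction (Approve 0.75, Reject 0.25) while Approve's successors Notify and Archive appear in both orders and are therefore reported as an AND-split rather than as a 2/3 versus 1/3 choice, which is exactly the distortion a naive proportion count would introduce.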

Control-Path Driven Process-Group Discovery Framework and its Experimental Validation for Process Mining and Reengineering (프로세스 마이닝과 리엔지니어링을 위한 제어경로 기반 프로세스 그룹 발견 프레임워크와 실험적 검증)

  • Thanh Hai Nguyen;Kwanghoon Pio Kim
    • Journal of Internet Computing and Services / v.24 no.5 / pp.51-66 / 2023
  • In this paper, we propose a new type of process discovery framework, named the control-path-driven process group discovery framework, to be used for process mining and process reengineering in support of life-cycle management of business process models. In addition, we develop a process mining system based on the proposed framework and perform experimental verification with it. The process execution event logs used for the experimental effectiveness and verification are specially defined as Process BIG-Logs, and we use them as the input datasets for the proposed discovery framework. As the eventual goal of this paper, we design and implement a control-path-driven process group discovery algorithm and framework that improves on the ρ-algorithm, and we verify the functional correctness of the proposed algorithm and framework by using the implemented system with a BIG-Log dataset. Note that all of the process mining algorithm, framework, and system developed in this paper are based on the structural information control net process modeling methodology.

Container-Friendly File System Event Detection System for PaaS Cloud Computing (PaaS 클라우드 컴퓨팅을 위한 컨테이너 친화적인 파일 시스템 이벤트 탐지 시스템)

  • Jeon, Woo-Jin;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing / v.15 no.1 / pp.86-98 / 2019
  • Recently, the trend of building container-based PaaS (Platform-as-a-Service) has been expanding, and container-based platform technology has become a core technology for realizing a PaaS. Containers have lower operating overhead than virtual machines, so hundreds or thousands of containers can run on a single physical machine. However, recording and monitoring the storage logs of a large number of containers running in a cloud computing environment incurs significant overhead. This work identifies two problems that occur when detecting file system change events of a container running in a cloud computing environment, and proposes a system for container file system event detection that solves them. In the performance evaluation, three experiments were performed on the performance of the proposed system. It is experimentally shown that the proposed monitoring system has only a very small effect on the CPU, memory read and write, and disk read and write speeds of the container.

An Empirical Study on Manufacturing Process Mining of Smart Factory (스마트 팩토리의 제조 프로세스 마이닝에 관한 실증 연구)

  • Taesung, Kim
    • Journal of the Korea Safety Management & Science / v.24 no.4 / pp.149-156 / 2022
  • Manufacturing process mining performs various performance analyses on event logs that record production. That is, it analyzes the event log data accumulated in the information system and extracts useful information necessary for business execution. Process data analysis by process mining analyzes actual data extracted from manufacturing execution systems (MES) to enable accurate manufacturing process analysis. In order to continuously manage and improve manufacturing processes, there is a need to structure, monitor, and analyze the processes, but suitable technology is lacking. The purpose of this research is to propose a manufacturing process analysis method using process mining and to establish a manufacturing process mining system by analyzing empirical data. In this research, the manufacturing process was analyzed by process mining technology using transaction data extracted from MES. A relationship model of the manufacturing process and equipment was derived, and various performance analyses were performed on the derived process model from the viewpoints of work, equipment, and time. The results of this analysis are highly effective in shortening process lead times (bottleneck analysis, time analysis), improving productivity (throughput analysis), and reducing costs (equipment analysis).

Process Improvement for PDM/PLM Systems by Using Process Mining (프로세스 마이닝을 이용한 PDM/PLM 시스템 활용 프로세스의 효율성 개선)

  • Lee, Sang-Il;Ryu, Kwang-Yeol;Song, Min-Seok
    • Korean Journal of Computational Design and Engineering / v.17 no.4 / pp.294-302 / 2012
  • Process mining is a useful methodology for extracting user patterns from log files in order to discover efficient or inefficient processes in organizations. In general, it is used to find and reduce differences between the pre-defined processes and the actually executed processes in an organization. In this paper, we propose a method to improve processes in PDM/PLM systems based on process mining. In order to detect and improve inefficient processes, we gathered event logs from PDM/PLM systems and derived process models using several process mining techniques such as α-algorithm mining, heuristics mining, and the fuzzy miner. By comparing the original process models with the process mining results, it is possible to detect differences between predefined processes and real ones, and thereby build improved process models for future application.
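The comparison step the abstract ends on, predefined model against mined behaviour, as an added example that is not the authors' method or their PDM/PLM data. The predefined model is expressed as the set of activity transitions it permits, the log as a constructed list of traces; the α-algorithm's footprint relations are derived from the observed directly-follows pairs, and the comparison lists transitions the log exhibits that the model forbids and model paths nobody uses. Activity names, the model and the traces are invented, and the "fitness" figure is a simple transition-level ratio, not the token-replay fitness of the process-mining literature.

```python
"""Compare a predefined process model with the behaviour recorded in its log.

Added example, not the paper's method or data. MODEL_TRANSITIONS and TRACES
are constructed. footprint() derives the alpha-algorithm relations; the
fitness value is a deliberately simple share of conforming transitions.
"""
from collections import Counter

# Predefined engineering-change process, as the transitions it allows.
MODEL_TRANSITIONS = {
    ("Create ECR", "Review"), ("Review", "Approve"), ("Review", "Reject"),
    ("Approve", "Release"), ("Approve", "Update BOM"), ("Update BOM", "Release"),
    ("Reject", "Create ECR"), ("Reject", "Close"),
}

# Constructed traces from the PDM/PLM event log.
TRACES = [
    ["Create ECR", "Review", "Approve", "Update BOM", "Release"],
    ["Create ECR", "Review", "Approve", "Release"],
    ["Create ECR", "Approve", "Release"],                    # review skipped
    ["Create ECR", "Review", "Reject", "Create ECR", "Review", "Approve", "Release"],
    ["Create ECR", "Approve", "Release"],                    # review skipped again
    ["Create ECR", "Review", "Approve", "Release", "Update BOM"],  # BOM after release
]


def directly_follows(traces):
    """Count a > b over all traces."""
    return Counter((a, b) for t in traces for a, b in zip(t, t[1:]))


def footprint(df):
    """Alpha-algorithm footprint: '->' causal, '<-' reverse causal,
    '||' parallel (seen in both orders), '#' never adjacent."""
    acts = sorted({x for pair in df for x in pair})
    fp = {}
    for a in acts:
        for b in acts:
            ab, ba = df[(a, b)] > 0, df[(b, a)] > 0
            fp[(a, b)] = ("->" if ab and not ba else "<-" if ba and not ab
                          else "||" if ab and ba else "#")
    return fp


def conformance(df, model):
    """Deviations: observed transitions the model forbids, with counts.
    Unused paths: model transitions never observed. Fitness: share of
    observed transitions the model allows (simple transition-level ratio)."""
    observed = set(df)
    deviations = {pair: df[pair] for pair in observed - model}
    total = sum(df.values())
    return {
        "deviations": deviations,
        "unused_paths": sorted(model - observed),
        "fitness": 1 - sum(deviations.values()) / total,
    }


if __name__ == "__main__":
    df = directly_follows(TRACES)
    report = conformance(df, MODEL_TRANSITIONS)
    for pair, n in sorted(report["deviations"].items(), key=lambda kv: -kv[1]):
        print(f"deviation {pair[0]!r} -> {pair[1]!r}: {n} times")
    print("unused model paths:", report["unused_paths"])
    print(f"fitness: {report['fitness']:.3f}")
    fp = footprint(df)
    print("Update BOM vs Release:", fp[("Update BOM", "Release")])
```

The last line is the caveat worth knowing before trusting a mined model: a single deviating trace (Update BOM after Release) makes the footprint report Update BOM and Release as parallel, so the α-algorithm would discover an AND-split the designed process never had. Checking deviations against the predefined model first, as the abstract proposes, is what keeps noise from being rediscovered as structure.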