• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.101-108
• /
• 2019

Workflow management systems (WfMSs) automate and manage workflows, which are implementations of organizational processes operated in process-centric organizations. In this paper, wepropose an algorithm to discover temporal work transference networks from workflow execution logs. The temporal work transference network is a special type of enterprise social networks that consists of workflow performers, and relationships among them that are formed by work transferences between performers who are responsible in performing precedent and succeeding activities in a workflow process. In terms of analysis, the temporal work transference network is an analytical property that has significant value to be analyzed to discover organizational knowledge for human resource management and related decision-making steps for process-centric organizations. Also, the beginning point of implementinga human-centered workflow intelligence framework dealing with work transference networks is to develop an algorithm for discovering temporal work transference cases on workflow execution logs. To this end, we first formalize a concept of temporal work transference network, and next, we present a discovery algorithm which is for the construction of temporal work transference network from workflow execution logs. Then, as a verification of the proposed algorithm, we apply the algorithm to an XES-formatted log dataset that was released by the process mining research group and finally summarize the discovery result.

• Journal of Internet Computing and Services
• /
• v.20 no.3
• /
• pp.77-84
• /
• 2019

Workflow management system is a system that manages the workflow model which defines the process of work in reality. We can define the workflow process by sequencing jobs which is performed by the performers. Using the workflow management system, we can also analyze the flow of the process and revise it more efficiently. Many researches are focused on how to make the workflow process model more efficiently and manage it more easily. Recently, many researches use the workflow log files which are the execution history of the workflow process model performed by the workflow management system. Ourresearch group has many interests in making useful knowledge from the workflow event logs. In this paper we use XES log files because there are many data using this format. This papersuggests what are the cardinalities of the temporal workcases and how to get them from the workflow event logs. Cardinalities of the temporal workcases are the occurrence pattern of critical elements in the workflow process. We discover instance cardinalities, activity cardinalities and organizational resource cardinalities from several XES-based workflow event logs and visualize them. The instance cardinality defines the occurrence of the workflow process instances, the activity cardinality defines the occurrence of the activities and the organizational cardinality defines the occurrence of the organizational resources. From them, we expect to get many useful knowledge such as a patterns of the control flow of the process, frequently executed events, frequently working performer and etc. In further, we even expect to predict the original process model by only using the workflow event logs.

• Journal of Korean Institute of Industrial Engineers
• /
• v.34 no.4
• /
• pp.460-469
• /
• 2008

Process mining aims at mining valuable information from process execution results (called "event logs"). Even though process mining techniques have proven to be a valuable tool, the mining results from real process logs are usually too complex to interpret. The main cause that leads to complex models is the diversity of process logs. To address this issue, this paper proposes a trace clustering approach that splits a process log into homogeneous subsets and applies existing process mining techniques to each subset. Based on log profiles from a process log, the approach uses existing clustering techniques to derive clusters. Our approach are implemented in ProM framework. To illustrate this, a real-life case study is also presented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1963-1978
• /
• 2015

With the advancement of mobile web environments, identification and analysis of the user behavior play a significant role and remains a challenging task to implement with variations observed in the model. This paper presents an efficient method for mining optimized user behavior prediction model using genetic algorithm on mobile web structure. The framework of optimized user behavior prediction model integrates the temporary and permanent register information and is stored immediately in the form of integrated logs which have higher precision and minimize the time for determining user behavior. Then by applying the temporal characteristics, suitable time interval table is obtained by segmenting the logs. The suitable time interval table that split the huge data logs is obtained using genetic algorithm. Existing cluster based temporal mobile sequential arrangement provide efficiency without bringing down the accuracy but compromise precision during the prediction of user behavior. To efficiently discover the mobile users' behavior, prediction model is associated with region and requested services, a method called optimized user behavior Prediction Model using Genetic Algorithm (PM-GA) on mobile web structure is introduced. This paper also provides a technique called MAA during the increase in the number of models related to the region and requested services are observed. Based on our analysis, we content that PM-GA provides improved performance in terms of precision, number of mobile models generated, execution time and increasing the prediction accuracy. Experiments are conducted with different parameter on real dataset in mobile web environment. Analytical and empirical result offers an efficient and effective mining and prediction of user behavior prediction model on mobile web structure.

• Smart Media Journal
• /
• v.12 no.5
• /
• pp.58-64
• /
• 2023

In Logic Bomb, the conditions of branch statements that trigger malicious behavior cannot be detected in advance, making Android malicious app analysis difficult. Various studies have been conducted to detect potentially suspicious branch statements that can be logic bombs and triggers, but suspicious branch statements cannot be properly detected in apps that contain information determined at runtime, such as reflection. In this paper, we propose a tool that can detect suspicious branch statements even when reflection is used in Android apps. It works through recording app execution logs and analyzing the recorded log). The proposed tool can check the relationship between the called method and the branch statement by recording and analyzing the user-defined methods, Java APIs called and method information called through reflection, and branch information in the log while the Android app is running. Experimental results show that suspicious branch statements can be detected even in apps where reflection is used.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.37-41
• /
• 2019

Recently, due to the appearance of various types of malware, the existing static analysis exposes many limitations. Static analysis means analyzing the structure of a code or program with source code or object code without actually executing the (malicious) code. On the other hand, dynamic analysis in the field of information security generally refers to a form that directly executes and analyzes (malware) code, and compares and examines and analyzes the state before and after execution of (malware) code to grasp the execution flow of the program. However, dynamic analysis required analyzing huge amounts of data and logs, and it was difficult to actually store all execution flows. In this paper, we propose and implement a preprocessor architecture of a system that performs malware detection and real-time multi-dynamic analysis based on 2nd generation PT in Windows environment (Windows 10 R5 and above).

• Journal of the Korea Computer Industry Society
• /
• v.6 no.3
• /
• pp.437-446
• /
• 2005

Workflow mining is a newly emerging research issue for rediscovering and reengineering workflow models from workflow logs containing information about workflow being executed on the workflow engine. This paper newly defines a workflow process reduction mechanism that formally and automatically reduces an original workflow process to a minimal set of activities, which was used proposed 'E-walk series analysis algorithm'. Main purpose of this paper is to minimize discrepancies between the workflow process modeled and the enacted workflow process as it is actually being executed. That means, we compare a complete set of activity firing sequences on buildtime with workflow execution logs which was generate on runtime. For this purpose we proposed two algorithm, the one is 'Activity-Dependent Net Algorithm' and the other is 'E-Walk Series Analysis Algorithm'.

• Journal of Internet Computing and Services
• /
• v.20 no.3
• /
• pp.85-92
• /
• 2019

In this paper, we extract the quantitative relation data of activities from the workflow event log file recorded in the XES standard format and connect them to rediscover the workflow process model. Extract the workflow process patterns and proportions with the rediscovered model. There are four types of control-flow elements that should be used to extract workflow process patterns and portions with log files: linear (sequential) routing, disjunctive (selective) routing, conjunctive (parallel) routing, and iterative routing patterns. In this paper, we focus on four of the factors, disjunctive routing, and conjunctive path. A framework implemented by the authors' research group extracts and arranges the activity data from the log and converts the iteration of duplicate relationships into a quantitative value. Also, for accurate analysis, a parallel process is recorded in the log file based on execution time, and algorithms for finding and eliminating information distortion are designed and implemented. With these refined data, we rediscover the workflow process model following the relationship between the activities. This series of experiments are conducted using the Large Bank Transaction Process Model provided by 4TU and visualizes the experiment process and results.

• Journal of Internet Computing and Services
• /
• v.24 no.5
• /
• pp.51-66
• /
• 2023

In this paper, we propose a new type of process discovery framework, which is named as control-path-driven process group discovery framework, to be used for process mining and process reengineering in supporting life-cycle management of business process models. In addition, we develop a process mining system based on the proposed framework and perform experimental verification through it. The process execution event logs applied to the experimental effectiveness and verification are specially defined as Process BIG-Logs, and we use it as the input datasets for the proposed discovery framework. As an eventual goal of this paper, we design and implement a control path-driven process group discovery algorithm and framework that is improved from the ρ-algorithm, and we try to verify the functional correctness of the proposed algorithm and framework by using the implemented system with a BIG-Log dataset. Note that all the process mining algorithm, framework, and system developed in this paper are based on the structural information control net process modeling methodology.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.9
• /
• pp.419-424
• /
• 2015

As Internet of Things (IoT) is recently serviced in several fields, the reliability and safety issues for IoT embedded systems are emerged. During the development of embedded systems, it is not easy to build the virtual execution environment and to test the developing version. Therefore, it is difficult to ensure its reliability due to lack of unit testing. In this paper, we propose a log-based unit testing framework for embedded software, which performs on real target board by extracting information of function execution. And, according to execution paths, duplicated logs are eliminated to keep a minimal log size. As a result, during system testing, testers can efficiently decide whether the executed paths of each function are correctly performed or not.